Internet of things

The Internet of Things (IoT) refers to a network of physical objects equipped with sensors, processing capabilities, software, and other technologies, enabling them to connect and exchange data with other devices and systems via the Internet or alternative communication networks. This interdisciplinary field integrates principles from electronics, communication, and computer science engineering. Despite its name, the term "Internet of Things" is often considered a misnomer, as many devices do not require a connection to the public Internet; instead, they necessitate network connectivity and individual addressability.

Internet of things (IoT) describes physical objects that are embedded with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over the Internet or other communication networks. The field of IoT encompasses electronics, communication, and computer science engineering. "Internet of things" has been considered a misnomer because most devices do not need to be connected to the public Internet; they only need to be connected to a network and be individually addressable.

The evolution of this domain is attributed to the convergence of various technologies, such as ubiquitous computing, sensor technology, embedded systems, and machine learning. Historically, embedded systems, wireless sensor networks, control systems, and automation have individually and collectively contributed to the foundational enablement of the Internet of Things.

Although IoT technology is predominantly recognized in the consumer market through smart home products, such as thermostats and smart speakers, its most significant applications reside within the business and industrial sectors. Commercial asset tracking and fleet management constitute the largest individual IoT application, capturing 22% of the total market share, primarily driven by the imperative to monitor mobile assets, including vehicles and shipping containers. Within transport and logistics, the most substantial asset tracking sub-segments are trailer and intermodal container tracking, which are projected to reach 5.8 million and 5.3 million active devices worldwide by the close of 2024, respectively. Additional prominent applications encompass industrial monitoring, smart metering within utility sectors, and connected healthcare.

Nevertheless, the proliferation of IoT technologies and products raises several concerns, particularly regarding privacy and security risks. In response, numerous industries, technology corporations, and governmental bodies across various nations have initiated comprehensive measures and implemented diverse precautionary protocols to effectively mitigate these concerns and minimize associated safety risks, including the formulation and adoption of international and local standards, guidelines, and regulatory frameworks. The interconnected architecture of IoT devices renders them susceptible to security breaches and privacy vulnerabilities. Simultaneously, the wireless communication mechanisms employed by these devices introduce regulatory ambiguities, thereby complicating the establishment of jurisdictional boundaries for data transfer.

Background

Approximately in 1972, the Stanford Artificial Intelligence Laboratory developed a computer-controlled vending machine for remote site deployment. This machine, adapted from a unit leased from Canteen Vending, facilitated sales either for cash or on credit via a computer terminal (Teletype Model 33 KSR). Its product offerings included beer, yogurt, and milk. The machine was designated the Prancing Pony, a name derived from the room it occupied, which itself was named after an inn featured in J. R. R. Tolkien's epic fantasy novel, The Lord of the Rings. An updated successor version continues to operate within the Computer Science Department at Stanford, featuring contemporary hardware and software.

History

In 1982, an initial prototype of a network-connected smart device was developed: an Internet interface for sensors integrated into the Carnegie Mellon University Computer Science Department's departmental Coca-Cola vending machine. This system, maintained by graduate student volunteers, provided real-time temperature data and inventory status, drawing inspiration from the computer-controlled vending machine located in the Prancing Pony room at the Stanford Artificial Intelligence Laboratory. Although initially accessible exclusively within the CMU campus network, this device subsequently achieved recognition as the first appliance connected to the ARPANET.

The contemporary vision of the IoT emerged from Mark Weiser's seminal 1991 paper on ubiquitous computing, "The Computer of the 21st Century," alongside contributions from academic forums like UbiComp and PerCom. In 1994, Reza Raji articulated this concept in IEEE Spectrum, characterizing it as the process of "[moving] small packets of data to a large set of nodes, so as to integrate and automate everything from home appliances to entire factories." From 1993 to 1997, various corporations introduced proposed solutions, including Microsoft's at Work and Novell's NEST. The domain gained significant traction when Bill Joy conceptualized device-to-device communication as an integral component of his "Six Webs" framework, unveiled at the 1999 World Economic Forum in Davos.

Peter T. Lewis introduced the concept and term "Internet of Things" in a speech to the Congressional Black Caucus Foundation 15th Annual Legislative Weekend in Washington, D.C., which was subsequently published in September 1985. Lewis defined IoT as "the integration of people, processes, and technology with connectable devices and sensors to enable remote monitoring, status, manipulation, and evaluation of trends of such devices."

Kevin Ashton, then associated with Procter & Gamble and later with the Massachusetts Institute of Technology's Auto-ID Center, independently coined the term "Internet of Things" in 1999, although he favored the alternative phrase "Internet for things." Ashton viewed radio-frequency identification (RFID) as a crucial element of the IoT at that time, positing that it would facilitate computer management of individual objects. A fundamental characteristic of the IoT has been identified as its capacity to integrate short-range mobile transceivers into diverse devices and everyday items, thereby fostering novel communication pathways among individuals and objects, and between objects themselves.

In 2004, Cornelius "Pete" Peterson, CEO of NetSilicon, forecasted that "The next era of information technology will be dominated by [IoT] devices, and networked devices will ultimately gain in popularity and significance to the extent that they will far exceed the number of networked computers and workstations." Peterson specifically identified medical devices and industrial control systems as prospective primary applications for this technology.

Cisco Systems defined the Internet of Things as the juncture at which the number of connected "things" or objects on the Internet surpassed the number of people connected. Based on this definition, Cisco Systems estimated the emergence of the IoT to be between 2008 and 2009, a period during which the ratio of connected devices to people increased from 0.08 in 2003 to 1.84 in 2010.

Applications

The broad spectrum of applications for IoT devices is commonly categorized into consumer, commercial, industrial, and infrastructure sectors.

Consumers

An increasing number of IoT devices are designed for consumer applications, encompassing connected vehicles, home automation systems, wearable technologies, connected health solutions, and appliances featuring remote monitoring functionalities.

Home automation

IoT devices integrate within the wider framework of home automation, which typically encompasses control over lighting, heating, air conditioning, media systems, security apparatus, and surveillance cameras. Furthermore, potential long-term advantages involve energy conservation, achieved through automated power-off functions for lights and electronics, or by providing residents with detailed usage insights.

An automated home, often referred to as a smart home, typically operates via a central platform or hubs that manage various smart devices and appliances. For example, Apple's HomeKit enables manufacturers to integrate their home products and accessories for control through applications on iOS devices, including the iPhone and Apple Watch. Such control can be facilitated by a specialized application or through native iOS functionalities like Siri. Lenovo's Smart Home Essentials exemplifies this, offering a range of smart home devices controllable via Apple's Home app or Siri, eliminating the requirement for a separate Wi-Fi bridge. Furthermore, various dedicated smart home hubs function as independent platforms for interconnecting diverse smart home products. Notable examples include the Amazon Echo, Google Home, Apple HomePod, and Samsung SmartThings Hub. Beyond these commercial offerings, numerous non-proprietary, open-source ecosystems exist, such as Home Assistant, OpenHAB, and Domoticz.

Elder care

A significant application of smart home technology involves providing assistance to elderly individuals and those with disabilities. Such systems integrate assistive technologies designed to address an occupant's particular disabilities. Voice control features can aid users experiencing visual or mobility impairments, while alert systems can be directly linked to cochlear implants for individuals with hearing deficits. Moreover, these homes can incorporate supplementary safety functionalities, such as sensors that detect medical emergencies like falls or seizures. The implementation of smart home technology in this manner can enhance user autonomy and elevate their quality of life.

Organizations

The designation "Enterprise IoT" pertains to devices deployed within business and corporate environments.

Medical and healthcare

The Internet of Medical Things (IoMT) represents an application of the IoT specifically designed for medical and health-related objectives, encompassing data collection, research analysis, and patient monitoring. This IoMT framework is often termed "Smart Healthcare" due to its role in establishing a digitized healthcare ecosystem that integrates medical resources and services.

Internet of Things (IoT) devices facilitate remote health monitoring and emergency notification systems. These monitoring tools span a spectrum from basic blood pressure and heart rate monitors to sophisticated devices capable of overseeing specialized implants, including pacemakers, Fitbit electronic wristbands, and advanced hearing aids. Certain hospitals have adopted "smart beds" that autonomously detect occupancy and patient egress attempts, further adjusting to provide optimal pressure and support without requiring manual nursing intervention. A 2015 Goldman Sachs report projected that healthcare IoT devices could reduce annual healthcare expenditures in the United States by over $300 billion through enhanced revenue generation and cost reduction. Furthermore, the integration of mobile devices for medical follow-up has given rise to 'm-health', a field dedicated to analyzing health statistics.

Specialized sensors can be deployed in residential environments to monitor the health and overall well-being of senior citizens, ensuring appropriate treatment administration and aiding in mobility recovery through therapeutic interventions. These sensors establish an intelligent network capable of collecting, processing, transferring, and analyzing critical data across various settings, such as linking in-home monitoring devices with hospital systems. The IoT also enables other consumer devices for promoting healthy lifestyles, including connected scales and wearable heart monitors. Comprehensive, end-to-end IoT health monitoring platforms are additionally accessible for antenatal and chronic patients, assisting in the management of vital health parameters and recurring medication schedules.

Progress in the fabrication methods for plastic and fabric electronics has facilitated the development of ultra-low-cost, disposable IoMT sensors. These sensors, along with their requisite radio-frequency identification electronics, can be manufactured on paper or e-textiles, creating wirelessly powered, single-use sensing devices. Such technologies have found applications in point-of-care medical diagnostics, where portability and minimal system complexity are paramount.

By 2018, the IoMT had been integrated into the clinical laboratory industry.

Within the insurance sector, IoMT offers access to enhanced and novel forms of dynamic information. This encompasses sensor-based solutions, including biosensors, wearables, connected health devices, and mobile applications, all designed to monitor customer behavior. Such data can contribute to more precise underwriting processes and the development of innovative pricing models.

The integration of IoT in healthcare is crucial for the management of chronic diseases and for initiatives in disease prevention and control. Remote monitoring capabilities are facilitated by the deployment of wireless solutions. This connectivity empowers healthcare practitioners to collect patient data and utilize algorithms for comprehensive health data analysis.

Transportation

The IoT can facilitate the integration of communication, control, and information processing throughout diverse transportation systems. Its application spans all facets of transportation, including vehicles, infrastructure, and users. The dynamic interplay among these transport system components enables inter- and intra-vehicular communication, intelligent traffic management, smart parking solutions, electronic toll collection, logistics and fleet management, vehicle control, safety enhancements, and roadside assistance. For vehicle security, IoT-enabled GPS trackers can function for extended periods on internal batteries, leveraging low-power wide-area network protocols like LTE-M to relay location data to owners via smartphone applications upon detecting unauthorized movement.

V2X Communications

Within vehicular communication systems, vehicle-to-everything communication (V2X) comprises three primary constituents: vehicle-to-vehicle communication (V2V), vehicle-to-infrastructure communication (V2I), and vehicle-to-pedestrian communication (V2P). Ultimately, V2X represents a foundational step toward achieving autonomous driving and integrated road infrastructure.

Home Automation

Internet of Things (IoT) devices facilitate the monitoring and control of mechanical, electrical, and electronic systems within diverse building types, encompassing public, private, industrial, institutional, and residential structures, through home and building automation systems. Academic literature primarily addresses three key areas within this domain:

• The integration of the Internet with building energy management systems to establish energy-efficient and IoT-driven smart buildings.
• The potential methods for real-time monitoring aimed at reducing energy consumption and observing occupant behaviors.
• The incorporation of smart devices into the built environment and their prospective applications.

Industrial Applications

Industrial IoT (IIoT) devices are instrumental in acquiring and analyzing data from interconnected equipment, operational technology (OT), physical locations, and personnel. When integrated with OT monitoring systems, IIoT enables the regulation and oversight of industrial operations. Furthermore, IIoT applications extend to automating record updates for asset placement within industrial storage facilities. Given that asset sizes can range from small components to entire motor spare parts, accurate tracking is crucial to prevent misplacement, which can lead to significant losses in labor time and financial resources.

Manufacturing

The IoT facilitates the interconnection of various manufacturing devices equipped with sensing, identification, processing, communication, actuation, and networking capabilities. Networked control and management of manufacturing equipment, alongside asset and situation management or manufacturing process control, enable IoT utilization for industrial applications and smart manufacturing. IoT intelligent systems support rapid manufacturing, optimize new product development, and facilitate swift responses to product demands.

Digital control systems, which aim to automate process controls, operator tools, and service information systems while optimizing plant safety and security, fall within the scope of IIoT. Moreover, IoT can be applied to asset management through predictive maintenance, statistical evaluation, and precise measurements to maximize reliability. Industrial management systems can be integrated with smart grids, thereby enabling energy optimization. Networked sensors provide essential functions such as measurements, automated controls, plant optimization, and health and safety management.

Beyond general manufacturing, IoT is also employed in processes related to the industrialization of construction.

Agriculture

Numerous IoT applications exist in agriculture, including data collection on temperature, rainfall, humidity, wind speed, pest infestation, and soil composition. This data can be leveraged to automate farming techniques, inform decisions for improving quality and quantity, minimize risks and waste, and reduce the labor required for crop management. For instance, farmers can remotely monitor soil temperature and moisture, and apply IoT-acquired data to precision fertilization programs. The overarching objective is that sensor data, combined with a farmer's expertise and intuition, can enhance farm productivity and reduce operational costs.

In August 2018, Toyota Tsusho initiated a collaboration with Microsoft to develop fish farming tools leveraging the Microsoft Azure application suite for IoT-based water management. These water pump mechanisms, partially developed by researchers from Kindai University, employ artificial intelligence to count fish on conveyor belts, analyze their numbers, and infer the efficacy of water flow based on the collected fish data. Additionally, the FarmBeats project by Microsoft Research, which utilizes TV white space for farm connectivity, is now integrated into the Azure Marketplace.

Maritime

IoT devices are utilized for monitoring the environments and systems of boats and yachts. Given that many pleasure boats remain unattended for extended periods, particularly during summer and winter, these devices provide crucial early alerts regarding potential flooding, fires, and deep battery discharge. The integration of global Internet data networks, such as Sigfox, with long-life batteries and microelectronics, enables continuous monitoring of engine rooms, bilges, and batteries, with reports accessible via connected Android and Apple applications.

Infrastructure

A primary application of the Internet of Things (IoT) involves the oversight and management of sustainable urban and rural infrastructure, encompassing structures such as bridges, railway networks, and both onshore and offshore wind farms. IoT infrastructure facilitates the continuous monitoring of structural conditions, detecting events or alterations that could jeopardize safety or elevate operational risks. Within the construction sector, IoT implementation offers substantial advantages, including reduced costs, accelerated project timelines, enhanced work quality, streamlined paperless workflows, and increased overall productivity. Furthermore, IoT-enabled real-time data analytics supports expedited decision-making and generates financial savings. The technology also enables efficient scheduling of repair and maintenance operations through improved coordination among various service providers and facility users. IoT devices can additionally govern critical infrastructure, such as controlling bridge access for maritime vessels. The deployment of IoT for infrastructure monitoring and operation is anticipated to significantly enhance incident management, optimize emergency response coordination, improve service quality and system uptimes, and reduce operational expenditures across all infrastructure domains. Even sectors like waste management stand to gain from these technological advancements.

Large-Scale Metropolitan Deployments

Numerous large-scale Internet of Things (IoT) deployments are either planned or currently underway, aiming to enhance the management of urban environments and their associated systems. For instance, Songdo, South Korea, is being progressively developed as the inaugural fully integrated and wired smart city, with approximately 70 percent of its business district completed by June 2018. A significant segment of this pioneering city is designed to be extensively networked and automated, enabling operations with minimal human involvement.

In 2014, a distinct IoT application project was initiated in Santander, Spain, employing a dual-approach deployment strategy. This city, with a population of 180,000, has recorded 18,000 downloads of its municipal smartphone application. The application integrates with 10,000 sensors, facilitating services such as parking availability detection and environmental surveillance. Furthermore, this deployment leverages contextual city data to implement a 'spark deals' mechanism, which analyzes urban behavior to optimize the effectiveness of promotional notifications for local businesses.

Additional examples of extensive IoT deployments include the Sino-Singapore Guangzhou Knowledge City; initiatives in San Jose, California, focused on enhancing air and water quality, mitigating noise pollution, and improving transportation efficiency; and intelligent traffic management systems in western Singapore. Ingenu, a San Diego-based company, has established a nationwide public network for low-bandwidth data transmissions utilizing its Random Phase Multiple Access (RPMA) technology, operating within the unlicensed 2.4 gigahertz spectrum shared with Wi-Fi. Ingenu's "Machine Network" provides coverage to over one-third of the U.S. population across 35 major metropolitan areas, including San Diego and Dallas. In 2014, the French firm Sigfox initiated the construction of an Ultra Narrowband wireless data network in the San Francisco Bay Area, marking the first such commercial deployment in the United States. Sigfox later declared plans to install 4,000 base stations to encompass 30 U.S. cities by the close of 2016, positioning it as the nation's most extensive IoT network coverage provider at that time. Cisco is also actively involved in smart city initiatives, having implemented technologies for Smart Wi-Fi, Smart Safety Security, Smart Lighting, Smart Parking, Smart Transports, Smart Bus Stops, Smart Kiosks, Remote Expert for Government Services (REGS), and Smart Education within a five-kilometer radius in Vijayawada, India.

A further instance of a significant IoT deployment is the system implemented by New York Waterways in New York City, which connects and enables 24/7 live monitoring of all municipal vessels. Fluidmesh Networks, a Chicago-based firm specializing in wireless networks for critical applications, designed and engineered this network. The New York Waterways (NYWW) network currently extends coverage across the Hudson River, East River, and Upper New York Bay. This wireless infrastructure empowers NY Waterway with unprecedented control over its fleet and passenger operations. Emerging applications facilitated by this system include enhanced security, comprehensive energy and fleet management, digital signage, public Wi-Fi access, and paperless ticketing, among others.

Energy Management

Numerous energy-consuming devices, including lighting fixtures, domestic appliances, motors, and pumps, now incorporate Internet connectivity. This integration enables communication with utility providers, facilitating both the balancing of power generation and the comprehensive optimization of overall energy consumption. Such devices support remote user control or centralized management via cloud-based interfaces, enabling functions like scheduling (e.g., remote activation or deactivation of heating systems, oven control, and dynamic adjustment of lighting conditions). The smart grid exemplifies a utility-centric Internet of Things (IoT) application, where systems gather and process energy and power-related information to enhance the efficiency of electricity production and distribution. Utilizing advanced metering infrastructure (AMI) and Internet-connected devices, electric utilities not only collect data from end-users but also manage distribution automation components, such as transformers.

Environmental Monitoring

Internet of Things (IoT) applications for environmental monitoring commonly deploy sensors to support environmental protection efforts. These sensors monitor parameters such as air and water quality, atmospheric and soil conditions, and can extend to tracking wildlife movements and their habitats. The proliferation of resource-constrained, Internet-connected devices also facilitates additional applications, such as earthquake or tsunami early-warning systems, which can be leveraged by emergency services to deliver more effective assistance. In this context, IoT devices often cover extensive geographic areas and may possess mobility. Proponents suggest that the standardization introduced by IoT in wireless sensing will fundamentally transform this domain.

Living Labs

The concept of a "living lab" represents another significant integration of the Internet of Things (IoT). Living labs integrate and synthesize research and innovation processes, operating within a public-private-people partnership framework. From 2006 to January 2024, more than 440 living labs were established (though not all remain active), utilizing IoT to foster collaboration and knowledge exchange among stakeholders for the co-creation of innovative technological products. For companies aiming to implement and develop IoT services within smart cities, economic incentives are crucial. The U.S. government is a pivotal actor in smart city initiatives; policy modifications are anticipated to facilitate urban IoT implementation, thereby enhancing the effectiveness, efficiency, and accuracy of resource utilization. For example, the U.S. government offers tax incentives, affordable rent, and improved public transportation, cultivating an environment where start-up companies, creative industries, and multinational corporations can co-create, share common infrastructure and labor markets, and leverage locally embedded technologies, production processes, and reduced transaction costs.

Military Applications

The Internet of Military Things (IoMT) denotes the application of Internet of Things (IoT) technologies within the military sector, primarily for reconnaissance, surveillance, and other combat-related objectives. This domain is significantly shaped by the evolving landscape of urban warfare and encompasses the deployment of sensors, munitions, vehicles, robotics, human-wearable biometric devices, and other intelligent technologies pertinent to the battlefield.

An illustrative example of an IoT device employed in military contexts is the Xaver 1000 system. Developed by Israel's Camero Tech, the Xaver 1000 represents the most recent iteration in the company's series of "through-wall imaging systems." The Xaver product line operates using millimeter wave (MMW) radar, specifically within the 30-300 gigahertz frequency range. This system integrates an AI-based live target tracking capability alongside proprietary 3D 'sense-through-the-wall' technology.

Internet of Battlefield Things

The Internet of Battlefield Things (IoBT) is a project conceived and implemented by the U.S. Army Research Laboratory (ARL), concentrating on fundamental scientific principles related to IoT that aim to augment the capabilities of Army personnel. In 2017, ARL inaugurated the Internet of Battlefield Things Collaborative Research Alliance (IoBT-CRA), forging a collaborative partnership among industry, academic institutions, and Army researchers to advance the theoretical underpinnings of IoT technologies and their practical applications in Army operations.

Ocean of Things

The Ocean of Things initiative, a program spearheaded by DARPA, aims to implement an Internet of Things infrastructure across extensive oceanic regions. Its primary objective is to gather, monitor, and analyze data pertaining to environmental conditions and maritime vessel activities. This project involves deploying approximately 50,000 floats, each equipped with a passive sensor suite capable of autonomously detecting and tracking both military and commercial vessels within a cloud-based network.

Product Digitalization

Smart or active packaging incorporates various applications where a QR code or NFC tag is integrated onto a product or its packaging. While these tags are inherently passive, they embed a unique identifier, typically a URL, which allows users to access digital product information via a smartphone. Although these passive elements are not strictly components of the Internet of Things, they function as facilitators of digital interactions. The concept of the "Internet of Packaging" has emerged to characterize applications leveraging unique identifiers for supply chain automation and widespread consumer access to digital content through scanning. Product authentication, achieved by verifying these unique identifiers, can be performed using a copy-sensitive digital watermark or a copy detection pattern when scanning QR codes, whereas NFC tags offer encrypted communication capabilities.

Trends and Characteristics

A significant trend observed in the Internet of Things (IoT) in recent years is the exponential growth in the number of devices connected to and managed through the Internet. Given its extensive application across diverse sectors, IoT facilitates a more direct integration of the physical environment into computer-based systems. This integration yields substantial benefits, including enhanced efficiency, considerable economic advantages, and a reduction in human effort. According to IoT Analytics, 16.6 billion IoT devices were connected in 2023. The same firm had projected 30 billion connected devices by 2025, while current estimates for October 2024 indicate approximately 17 billion devices.

Intelligence

While ambient intelligence and autonomous control were not integral to the foundational concept of the Internet of Things, nor do they inherently necessitate Internet infrastructure, a notable research shift is occurring. Companies like Intel are actively exploring the integration of IoT principles with autonomous control, with early findings suggesting that objects themselves can serve as the primary drivers for autonomous IoT systems. Within this framework, deep reinforcement learning emerges as a pertinent approach, particularly as most IoT systems operate within dynamic and interactive environments. Conventional machine learning algorithms, such as supervised learning, are insufficient for training an agent (e.g., an IoT device) to exhibit intelligent behavior in such contexts. Conversely, a reinforcement learning methodology enables a learning agent to perceive the environment's state (e.g., detecting home temperature), execute actions (e.g., activating or deactivating HVAC), and optimize its long-term performance by maximizing accumulated rewards.

IoT intelligence is implementable across three distinct architectural layers: IoT devices, Edge/Fog nodes, and cloud computing. The necessity for intelligent control and decision-making at each layer is dictated by the time-sensitivity requirements of the specific IoT application. For instance, an autonomous vehicle's camera system mandates real-time obstacle detection to prevent collisions. Such rapid decision-making is infeasible if data must be transmitted to cloud instances for processing and then returned to the vehicle; consequently, these operations must be executed locally within the vehicle. The integration of sophisticated machine learning algorithms, including deep learning, directly into IoT devices represents a vibrant area of research aimed at realizing truly intelligent objects. Furthermore, maximizing the utility of IoT deployments involves comprehensive analysis of IoT data, extracting latent information, and forecasting control decisions. The IoT domain employs a diverse array of machine learning techniques, encompassing traditional methods like regression, support vector machines, and random forests, as well as advanced approaches such as convolutional neural networks, LSTM, and variational autoencoders.

The future Internet of Things (IoT) is envisioned as a non-deterministic, open network where self-organizing or intelligent entities, such as web services and SOA components, alongside virtual objects like avatars, will achieve interoperability and operate autonomously. Their actions will be guided by individual or collective objectives, adapting to specific contexts, circumstances, or environments. A significant research imperative, crucial for establishing the credibility of IoT technology, involves developing autonomous behavior through the acquisition and interpretation of contextual information. This includes an object's capacity to detect environmental changes, such as sensor malfunctions, and implement appropriate mitigation strategies. While contemporary IoT products and solutions employ diverse technologies to facilitate context-aware automation, more advanced forms of intelligence are necessary to enable the deployment of sensor units and intelligent cyber-physical systems in real-world settings.

Architecture

The fundamental architecture of an IoT system typically comprises three distinct tiers: Tier 1, Devices; Tier 2, the Edge Gateway; and Tier 3, the Cloud. Tier 1 encompasses networked devices, including sensors and actuators commonly found in IoT equipment, which often utilize protocols such as Modbus, Bluetooth, Zigbee, or proprietary communication methods to connect with an Edge Gateway. The Edge Gateway layer, Tier 2, consists of systems designed for sensor data aggregation. These Edge Gateways perform functions such as data pre-processing, securing cloud connectivity via technologies like WebSockets and event hubs, and, in certain instances, executing edge analytics or fog computing. Furthermore, the Edge Gateway layer is essential for presenting a unified view of devices to higher architectural layers, thereby simplifying management. The final tier, Tier 3, hosts cloud applications specifically developed for IoT, frequently employing a microservices architecture. These applications are often polyglot and inherently secure, leveraging protocols such as HTTPS/OAuth. This tier integrates various database systems for storing sensor data, including time-series databases or asset stores that utilize backend storage solutions like Cassandra or PostgreSQL. Most cloud-based IoT systems within the cloud tier also incorporate event queuing and messaging systems to manage communication across all architectural layers. Some experts propose an alternative three-tier classification for IoT systems: edge, platform, and enterprise, interconnected by proximity, access, and service networks, respectively.

Network architecture

IoT necessitates substantial network scalability to accommodate the proliferation of devices. IETF 6LoWPAN offers a mechanism for integrating devices into IP networks. Given the addition of billions of devices to the internet, IPv6 is poised to play a critical role in addressing network layer scalability. Lightweight data transport can be facilitated by protocols such as IETF's Constrained Application Protocol, ZeroMQ, and MQTT. Practically, numerous IoT device clusters operate behind gateway nodes and may not possess unique IP addresses. Moreover, the pervasive interconnection of every object is not a prerequisite for most applications, as the primary requirement is often the interconnection of data at a higher logical layer.

Fog computing presents a viable alternative for mitigating the substantial data traffic surge across the Internet. Edge devices inherently possess extremely limited computational power for data analysis and processing. This constrained processing capability is a defining characteristic of IoT devices, as their primary function is to provide data about physical objects while maintaining autonomy. Demanding processing tasks consume significant battery power, which can compromise the operational longevity of IoT devices. While scalability is readily achieved by IoT devices simply transmitting data over the Internet to a server with ample processing capacity, this approach contributes to the large data flow that fog computing aims to alleviate.

Decentralized IoT

Decentralized Internet of Things, or decentralized IoT, represents a modified IoT paradigm that leverages fog computing to manage and distribute requests from connected IoT devices. This approach aims to reduce the load on centralized cloud servers and enhance responsiveness for latency-sensitive IoT applications. Examples include patient vital signs monitoring, vehicle-to-vehicle communication in autonomous driving, and critical failure detection in industrial equipment. This architecture significantly improves performance, particularly in extensive IoT systems comprising millions of nodes.

Conventional Internet of Things (IoT) architectures typically rely on a mesh network governed by a central head node, which functions as a centralized controller. This head node dictates the processes for data creation, storage, and transmission. Conversely, decentralized IoT paradigms aim to segment IoT systems into smaller, distributed divisions. Within this model, the head node delegates partial decision-making authority to subordinate sub-nodes, operating under mutually established policies.

Certain decentralized IoT methodologies endeavor to overcome the inherent limitations of battery-powered devices, specifically regarding their restricted bandwidth and hashing capabilities, by employing blockchain technology. However, conventional linear blockchain structures frequently encounter difficulties in achieving the high throughput necessary for managing billions of devices. To mitigate this challenge, contemporary research investigates sharded distributed ledger protocols, such as Cerberus, which incorporate braided synchronization. These advanced protocols are theoretically designed to enable network throughput to scale proportionally with the number of participating nodes, thereby facilitating the extensive concurrency essential for autonomous machine-to-machine transactions.

Complexity

Within semi-open or closed-loop contexts, such as value chains where global finality can be established, the Internet of Things (IoT) is frequently conceptualized as a complex system. This characterization stems from the extensive array of interactions among autonomous entities and the system's inherent capacity to integrate novel participants. In a fully open-loop scenario, the IoT environment is anticipated to exhibit chaotic properties, given that all systems inherently possess a state of finality.

From a practical standpoint, not every component within the Internet of Things operates within a global, publicly accessible domain. Subsystems are frequently deployed to alleviate concerns related to privacy, control, and reliability. For instance, domestic robotics, or domotics, operating within a smart home environment may restrict data sharing to internal networks and remain accessible solely through local connections. The management and control of highly dynamic, ad hoc IoT device networks present significant challenges for conventional network architectures. In contrast, Software-Defined Networking (SDN) offers a more dynamic methodology that is better suited to the specific demands of IoT applications.

Size Considerations

The precise magnitude of the Internet of Things remains indeterminate, with estimates frequently cited in the billions or trillions at the outset of discussions on the topic. In 2015, approximately 83 million smart devices were present in residential settings. This figure was projected to increase to 193 million devices by 2020. By 2023, the total number of connected IoT devices is anticipated to reach 16.6 billion.

The population of internet-capable devices experienced a 31% increase between 2016 and 2017, culminating in a total of 8.4 billion units.

Space Considerations

Within the Internet of Things (IoT), the exact geographic location and dimensions of an object can be of paramount importance. Historically, tracking spatiotemporal facts about an object was less critical, as human operators could determine the relevance of such information for a given action and either supplement missing data or forgo the action entirely. (It is noteworthy that many IoT entities are sensors, for which precise location is typically essential.) The emergence of the GeoWeb and Digital Earth exemplifies applications enabled by the spatial organization and connectivity of objects. Nevertheless, persistent challenges include managing variable spatial scales, processing vast datasets, and developing efficient indexing for rapid search and proximity queries. In an IoT environment where objects can initiate actions autonomously, the traditional human-centric mediation role is obviated. Consequently, the time-space context, which humans intuitively understand, must be explicitly integrated as a fundamental element within this information ecosystem. Analogous to the foundational role of standards in the Internet and the Web, geospatial standards will be crucial for the effective functioning of the Internet of Things.

A Solution to the 'Basket of Remotes' Problem

IoT devices possess significant potential to capture a segment of this market. Jean-Louis Gassée, a member of Apple's initial alumni team and co-founder of BeOS, discussed this issue in an article for Monday Note. He foresees a challenge he terms the "basket of remotes" problem, characterized by a multitude of applications interacting with numerous devices lacking common communication protocols. To enhance user interaction, some technology leaders are collaborating to establish communication standards among devices. Concurrently, others are exploring predictive device interaction, a paradigm where "collected data is utilized to anticipate and initiate actions on specific devices," thereby fostering their collaborative operation.

Social Internet of Things

The Social Internet of Things (SIoT) represents an emerging paradigm within IoT, emphasizing the significance of social interaction and relationships among IoT devices. SIoT describes a framework where cross-domain IoT devices facilitate application-to-application communication and collaboration autonomously, without human intervention, to provide owners with self-governing services. This functionality necessitates low-level architectural support from both IoT software and hardware engineering.

Social Networks for IoT Devices (Excluding Human Interaction)

The Internet of Things (IoT) conceptualizes devices as entities with identities, akin to citizens within a community, connecting them to the internet to deliver services to users. In contrast, SIoT establishes a social network exclusively for IoT devices, enabling them to interact with one another to achieve various objectives that ultimately serve human needs.

Distinctions Between SIoT and IoT

SIoT diverges from conventional IoT primarily in its collaborative characteristics. Traditional IoT systems are typically passive, configured to fulfill specific, predetermined functions using existing devices within a fixed system. Conversely, SIoT operates actively, leveraging AI for programming and management to address unforeseen requirements by integrating diverse IoT devices from various systems to benefit its users.

Functionality

IoT devices incorporating inherent sociability can broadcast their capabilities or functionalities, enabling the discovery and exchange of information with other IoT devices within the same or proximate networks, thereby actualizing SIoT. Leveraging these capabilities to facilitate additional functionalities could prove particularly beneficial during emergency situations.

Illustrative Applications

1. IoT-enabled smart home technologies monitor the health data of patients or elderly individuals by analyzing their physiological parameters. These systems can alert nearby healthcare facilities when emergency medical services are required. In an emergency, an ambulance from the nearest available hospital is automatically dispatched with the pickup location provided, a ward is assigned, and the patient's health data is transmitted to the emergency department for immediate display on the doctor's computer, facilitating prompt action.
2. IoT sensors integrated into vehicles, roadways, and traffic lights continuously monitor vehicle and driver conditions, issuing alerts when attention is necessary. These sensors also coordinate autonomously to ensure the normal operation of autonomous driving systems. In the event of an accident, an IoT camera automatically notifies the nearest hospital and police station for assistance.

Challenges

1. The Internet of Things is inherently multifaceted and complex. A primary impediment to the widespread adoption and utilization of IoT-based products and services is this inherent complexity. Installation and setup processes often pose significant challenges for users, underscoring the necessity for IoT devices to autonomously integrate, adapt, and configure themselves to deliver diverse services across varying situations.
2. System security is a perpetual concern for any technology, becoming even more critical for SIoT. This is because SIoT requires consideration not only for the security of individual devices but also for establishing robust mutual trust mechanisms among collaborative IoT devices, which must be maintained dynamically across different times and locations.
3. A further critical challenge for SIoT involves ensuring the accuracy and reliability of its sensors. In most operational scenarios, IoT sensors must exhibit nanosecond-level response times to effectively prevent accidents, injuries, and fatalities.

Enabling Technologies

Numerous technologies contribute to the enablement of the IoT. Central to this domain is the communication network facilitating interaction among devices within an IoT deployment, a function that can be served by various wireless or wired technologies.

Addressability

The foundational concept of the Auto-ID Center was predicated on the use of RFID tags and distinct identification through the Electronic Product Code. This paradigm has since evolved to encompass objects possessing an IP address or Uniform Resource Identifier (URI). An alternative perspective, originating from the Semantic Web domain, advocates for making all entities—not exclusively electronic, smart, or RFID-enabled items—addressable via existing naming protocols, such as URIs. In this framework, objects themselves do not engage in direct communication; rather, they can be referenced by other agents, including powerful centralized servers acting on behalf of their human operators. Integration with the Internet necessitates that devices employ an IP address as a unique identifier. Given the constrained address space of IPv4, which accommodates approximately 4.3 billion distinct addresses, Internet of Things (IoT) objects will require the subsequent generation of the Internet protocol, IPv6, to achieve the requisite expansive address capacity. Furthermore, IoT devices will benefit from IPv6's stateless address auto-configuration, which minimizes configuration overhead on hosts, and the IETF 6LoWPAN header compression. Consequently, the future viability of the Internet of Things is substantially dependent on IPv6 support, rendering its global adoption in the forthcoming years critical for the successful advancement of the IoT.

Application Layer

• ADRC defines an application layer protocol along with a supporting framework for the implementation of IoT applications.

Short-Range Wireless Technologies

• Bluetooth mesh networking: A specification that introduces a mesh networking variant for Bluetooth Low Energy (BLE), characterized by an increased node count and a standardized application layer (Models).
• Li-Fi (light fidelity): A wireless communication technology analogous to the Wi-Fi standard, which employs visible-light communication to achieve enhanced bandwidth.
• Near-field communication (NFC): A set of communication protocols enabling two electronic devices to interact within a range of 4 centimeters.
• Radio-frequency identification (RFID): A technology that utilizes electromagnetic fields to retrieve data stored in tags embedded within various items.
• Wi-Fi: A technology for local area networking, based on the IEEE 802.11 standard, facilitating device communication either through a shared access point or directly between individual devices.
• Zigbee: Communication protocols designed for personal area networking, based on the IEEE 802.15.4 standard, offering attributes such as low power consumption, reduced data rates, cost-effectiveness, and high throughput.
• Z-Wave: A wireless communications protocol primarily deployed in home automation and security applications.

Medium-Range Wireless Technologies

• LTE-Advanced: A high-speed communication specification for mobile networks, providing enhancements to the LTE standard through extended coverage, increased throughput, and reduced latency.
• 5G: Fifth-generation wireless networks are capable of fulfilling the demanding communication requirements of the IoT and connecting a substantial number of IoT devices, even when in motion. Three distinct features of 5G are particularly beneficial for supporting specific elements of the IoT: enhanced mobile broadband (eMBB), massive machine type communications (mMTC), and ultra-reliable low latency communications (URLLC).
• LoRa: Offers a communication range of up to 4.8 kilometers (3 miles) in urban environments and 16 kilometers (10 miles) or more in rural areas, contingent on line-of-sight conditions.
• DASH7: Provides a communication range of up to 2 kilometers.

Long-Range Wireless Technologies

• Low-power wide-area networking (LPWAN): Wireless networks engineered to facilitate long-range communication at low data rates, thereby minimizing power consumption and transmission costs. Available LPWAN technologies and protocols include LoRaWAN, Sigfox, NB-IoT, Weightless, RPMA, MIoTy, and IEEE 802.11ah.
• Very-small-aperture terminal (VSAT): A satellite communication technology employing small dish antennas for both narrowband and broadband data transmission.

Wired Technologies

• Ethernet: A general-purpose networking standard that utilizes twisted pair and fiber optic links in conjunction with hubs or switches.
• Power-line communication (PLC): A communication technology that employs existing electrical wiring to transmit both power and data. Specifications such as HomePlug or G.hn leverage PLC for networking IoT devices.

Technological Comparison by Layer

Various technologies fulfill distinct roles within a protocol stack. The following provides a simplified overview of the functions of several prevalent communication technologies in IoT applications.

Standards and Standards Organizations

This section enumerates technical standards for the Internet of Things (IoT), predominantly open standards, and identifies the organizations endeavoring to establish them effectively.

Politics and Civic Engagement

Academics and advocates propose that the Internet of Things (IoT) could foster novel models of civic engagement, provided that device networks are amenable to user control and operate on interoperable platforms. Philip N. Howard, a distinguished professor and author, posits that the application of IoT in civic engagement will significantly influence political landscapes in both democratic and authoritarian systems. To achieve this, he contends that every connected device must disclose the "ultimate beneficiaries" of its sensor data, and individual citizens should possess the capability to append new organizations to this beneficiary roster. Furthermore, he asserts that civil society organizations ought to formulate their IoT strategies to leverage data and facilitate public engagement.

Government Regulation

Data constitutes a primary impetus for the Internet of Things (IoT). The efficacy of interconnecting devices to enhance efficiency relies critically on the accessibility, storage, and processing of data. Consequently, IoT companies aggregate data from diverse origins and archive it within their cloud infrastructure for subsequent analysis. This practice introduces substantial risks related to privacy and security, alongside creating single points of vulnerability across numerous systems. Additional concerns encompass consumer autonomy and the proprietorship and utilization of data. Although still nascent, regulatory frameworks and governance mechanisms addressing privacy, security, and data ownership are progressively evolving. IoT regulation varies by nation. Illustrative legislative examples pertinent to privacy and data collection include the US Privacy Act of 1974, the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data of 1980, and the EU Directive 95/46/EC of 1995.

Current Regulatory Environment:

In January 2015, the Federal Trade Commission (FTC) issued a report containing the subsequent three recommendations:

• Data Security: During the design phase, IoT companies must guarantee the perpetual security of data collection, storage, and processing. Organizations are advised to implement a "defense in depth" strategy and encrypt data at every operational stage.
• Data Consent: Users should retain agency over the data they transmit to IoT companies and must be notified in the event of a data exposure.
• Data Minimization: IoT companies are expected to collect only essential data and to retain such information for a circumscribed duration.

Nevertheless, the FTC has, for the present, confined its actions to issuing recommendations. An analysis by the FTC indicates that the current regulatory framework, comprising the FTC Act, the Fair Credit Reporting Act, and the Children's Online Privacy Protection Act, in conjunction with ongoing consumer education, business guidance, multi-stakeholder engagement, and inter-agency advocacy at federal, state, and local levels, adequately safeguards consumer rights.

A resolution adopted by the Senate in March 2015 is currently under congressional review. This resolution acknowledged the imperative for establishing a National Policy on IoT, addressing concerns related to privacy, security, and spectrum allocation. Moreover, to stimulate the IoT ecosystem, a bipartisan cohort of four Senators introduced the Developing Innovation and Growing the Internet of Things (DIGIT) Act in March 2016. This proposed legislation aims to mandate the Federal Communications Commission to evaluate the necessity for additional spectrum to facilitate IoT device connectivity.

California Senate Bill No. 327, approved on September 28, 2018, will become effective on January 1, 2020. This legislation mandates that "a manufacturer of a connected device, as those terms are defined, must equip the device with reasonable security features appropriate to its nature and function, commensurate with the information it may collect, contain, or transmit, and designed to safeguard the device and any contained information from unauthorized access, destruction, use, modification, or disclosure,"

The Internet of Things (IoT) industry is actively developing standards for automotive applications, largely because security concerns associated with connected vehicles are also pertinent to healthcare devices. The National Highway Traffic Safety Administration (NHTSA) is consequently formulating cybersecurity guidelines and compiling a database of best practices to enhance the security of automotive computer systems.

A recent World Bank report investigates the challenges and opportunities associated with the governmental adoption of IoT, identifying several key areas:

• The nascent stage of IoT implementation within governmental sectors.
• Underdeveloped policy and regulatory frameworks.
• Unclear business models, despite a robust value proposition.
• A distinct institutional and capacity deficit observed in both governmental and private sectors.
• Inconsistent data valuation and management practices.
• Infrastructure as a significant impediment.
• The role of government as a facilitator.
• Common characteristics among the most successful pilot programs, including public-private partnerships, local focus, and strong leadership.

In early December 2021, the U.K. government introduced the Product Security and Telecommunications Infrastructure (PST) bill, which aims to mandate specific cybersecurity standards for IoT distributors, manufacturers, and importers. This legislation also seeks to enhance the security attributes of consumer IoT devices.

Criticism, Problems, and Controversies

Platform Fragmentation

The Internet of Things (IoT) is significantly affected by platform fragmentation, a lack of interoperability, and the absence of common technical standards. This condition, characterized by diverse IoT devices with varying hardware and software configurations, complicates the development of applications that function consistently across disparate technological ecosystems. For instance, wireless connectivity for IoT devices can be achieved through multiple protocols, including Bluetooth, Wi-Fi, Wi-Fi HaLow, Zigbee, Z-Wave, LoRa, NB-IoT, Cat M1, and proprietary radio solutions, each possessing distinct advantages, disadvantages, and unique support ecosystems.

The inherently decentralized and diverse computing architecture of the IoT also presents a significant security challenge, as critical operating system patches frequently fail to reach users of older or lower-cost devices. Research indicates that vendors' insufficient support for legacy devices, through patches and updates, renders over 87% of active Android devices susceptible to vulnerabilities.

Privacy, Autonomy, and Control

Philip N. Howard, a distinguished professor and author, posits that the Internet of Things offers substantial potential for citizen empowerment, governmental transparency, and expanded information access. Howard nonetheless warns of the immense privacy threats inherent in IoT, alongside its potential for facilitating social control and political manipulation.

Concerns regarding privacy have prompted considerations regarding the inherent incompatibility of big data infrastructures, such as the Internet of Things and data mining, with privacy principles. The escalating digitalization across sectors like water, transport, and energy introduces critical challenges pertaining to privacy and cybersecurity, which mandate a comprehensive response from both researchers and policymakers.

Author Adam Greenfield asserts that IoT technologies constitute both an encroachment on public space and a mechanism for perpetuating normative behavior. He cites an example of billboards equipped with concealed cameras that monitored the demographics of individuals who paused to view advertisements.

The Internet of Things Council drew parallels between the escalating digital surveillance facilitated by the Internet of Things and Jeremy Bentham's 18th-century concept of the panopticon. This assertion finds support in the analyses of French philosophers Michel Foucault and Gilles Deleuze. In Discipline and Punish: The Birth of the Prison, Foucault contends that the panopticon served as a foundational element of the disciplinary society that emerged during the Industrial Era. Foucault further posited that the disciplinary systems implemented in factories and schools mirrored Bentham's vision of panopticism. In his 1992 paper "Postscripts on the Societies of Control," Deleuze observed that the disciplinary society had evolved into a control society, with the computer supplanting the panopticon as an instrument of discipline and control, yet retaining qualities analogous to panopticism.

Peter-Paul Verbeek, a professor of philosophy of technology at the University of Twente in the Netherlands, asserts that technology significantly influences human moral decision-making, thereby impacting agency, privacy, and autonomy. He advises against perceiving technology solely as a human instrument, advocating instead for its recognition as an active agent.

Justin Brookman, representing the Center for Democracy and Technology, articulated concerns regarding the Internet of Things' (IoT) implications for consumer privacy. He noted, "There are some people in the commercial space who say, 'Oh, big data – well, let's collect everything, keep it around forever, we'll pay for somebody to think about security later.' The question is whether we want to have some sort of policy framework in place to limit that."

Tim O'Reilly contends that the prevailing marketing strategies for IoT devices are misdirected. He challenges the idea that IoT primarily aims to enhance efficiency by connecting numerous devices, instead positing that "IoT is really about human augmentation. The applications are profoundly different when you have sensors and data driving the decision-making."

Editorials published in WIRED have similarly voiced apprehension, with one asserting, "What you're about to lose is your privacy. Actually, it's worse than that. You aren't just going to lose your privacy, you're going to have to watch the very concept of privacy be rewritten under your nose."

The American Civil Liberties Union (ACLU) has articulated concerns regarding the potential of the IoT to diminish individual control over personal lives. The ACLU stated, "There's simply no way to forecast how these immense powers – disproportionately accumulating in the hands of corporations seeking financial advantage and governments craving ever more control – will be used. Chances are big data and the Internet of Things will make it harder for us to control our own lives, as we grow increasingly transparent to powerful corporations and government institutions that are becoming more opaque to us."

Responding to escalating concerns regarding privacy and smart technology, the British Government declared in 2007 its intention to adhere to formal Privacy by Design principles during the implementation of its smart metering program. This initiative aimed to replace conventional power meters with smart meters capable of more precise energy usage tracking and management. Nevertheless, the British Computer Society has expressed skepticism regarding the actual implementation of these principles. In 2009, the Dutch Parliament rejected a comparable smart metering program due to privacy concerns; however, the Dutch program was subsequently revised and approved in 2011.

Data storage

A significant challenge for developers of IoT applications involves the cleaning, processing, and interpretation of the immense data volumes collected by sensors. One proposed analytical solution for this information is termed Wireless Sensor Networks. These networks facilitate data sharing among sensor nodes, which then transmit the sensory data to a distributed system for analysis.

The storage of this substantial data volume presents an additional challenge. Application-specific demands can necessitate high data acquisition, consequently leading to considerable storage requirements. In 2013, the Internet was estimated to account for 5% of global energy consumption, and the "daunting challenge to power" IoT devices for data collection and storage persists.

Data silos, while a prevalent issue in legacy systems, frequently emerge with the deployment of IoT devices, particularly within the manufacturing sector. Despite the numerous advantages offered by IoT and Industrial IoT (IIoT) devices, the methods of data storage can pose significant challenges if principles of autonomy, transparency, and interoperability are not adequately addressed. These challenges stem not from the devices themselves, but from the configuration of databases and data warehouses. Such issues have been widely observed in manufacturers and enterprises undergoing digital transformation, forming part of their digital foundation. This suggests that to maximize the benefits of IoT devices and enhance decision-making, organizations must first re-evaluate and adjust their data storage methodologies. Keller (2021) identified these challenges during an investigation into the IT and application landscape of Industry 4.0 implementation within German mechanical and electrical manufacturers.

Security

The adoption of Internet of Things (IoT) technology faces significant security challenges, primarily due to its rapid expansion without adequate consideration of the inherent security implications and potential regulatory requirements. The proliferation of billions of connected IoT devices, coupled with limitations in current communication security technologies, has progressively led to the emergence of diverse security vulnerabilities within the IoT ecosystem.

Technical security concerns within the IoT largely parallel those found in conventional computing environments, such as servers, workstations, and smartphones. These common vulnerabilities encompass weak authentication protocols, failure to modify default credentials, transmission of unencrypted inter-device messages, susceptibility to SQL injection and man-in-the-middle attacks, and inadequate management of security updates. Nevertheless, numerous IoT devices operate under severe computational constraints, which frequently preclude the direct implementation of fundamental security measures like firewalls or robust cryptographic systems for inter-device communication. Furthermore, the cost-effectiveness and consumer-centric design of many devices often impede the establishment of comprehensive security patching mechanisms.

In response to the computational limitations and authentication weaknesses inherent in edge devices, decentralized IoT architectures are increasingly incorporating lightweight Distributed Ledger Technologies (DLT) to create immutable trust layers. Peer-reviewed studies suggest that systems utilizing directed acyclic graph (DAG) consensus mechanisms can be effectively combined with semantic knowledge graphs and dynamic cryptography. This integration facilitates scalable, tamper-proof device authentication through lightweight protocols, such as MQTT and CoAP, thereby circumventing the substantial latency and energy consumption typically associated with conventional linear blockchains.

Beyond conventional security vulnerabilities, fault injection attacks are emerging as a growing threat specifically targeting IoT devices. A fault injection attack constitutes a physical intrusion designed to deliberately introduce system malfunctions, thereby altering the device's intended operational behavior. Such faults can also occur unintentionally due to environmental noise and electromagnetic interference. Concepts derived from control-flow integrity (CFI) are being explored to prevent fault injection attacks and enable system recovery to a pre-fault, healthy state.

Internet of Things devices also present unique risks due to their access to novel data streams and their capacity to control physical apparatus. As early as 2014, it was recognized that numerous internet-connected appliances, including televisions, kitchen appliances, cameras, and thermostats, possessed the capability to "spy on people in their own homes." Furthermore, computer-controlled components in automobiles, such as brakes, engines, locks, hood and trunk releases, horns, heating systems, and dashboards, have been demonstrated to be susceptible to attackers with access to the vehicle's internal network. In certain instances, internet connectivity in vehicle computer systems enables remote exploitation. Preceding these automotive vulnerabilities, security researchers in 2008 showcased the unauthorized remote control of pacemakers. Subsequently, hackers publicly demonstrated the remote manipulation of insulin pumps and implantable cardioverter defibrillators.

Inadequately secured Internet-accessible IoT devices can also be co-opted to launch attacks against other systems. A notable instance occurred in 2016, when a distributed denial of service (DDoS) attack, orchestrated by IoT devices infected with the Mirai malware, incapacitated a DNS provider and several prominent websites. The Mirai Botnet initially compromised approximately 65,000 IoT devices within its first 20 hours, with infections ultimately escalating to between 200,000 and 300,000. Brazil, Colombia, and Vietnam collectively accounted for 41.5% of these infections. The Mirai Botnet specifically targeted various IoT devices, including DVRs, IP cameras, routers, and printers. Leading vendors whose devices were most frequently compromised included Dahua, Huawei, ZTE, Cisco, ZyXEL, and MikroTik. In May 2017, Cloudflare computer scientist Junade Ali highlighted that inherent DDoS vulnerabilities in IoT devices stem from deficient implementations of the Publish–subscribe pattern. Such attacks have led security experts to recognize IoT as a substantial threat to the stability and availability of Internet services.

The U.S. National Intelligence Council, in an unclassified report, asserts the difficulty of preventing "access to networks of sensors and remotely-controlled objects by enemies of the United States, criminals, and mischief makers." The report further suggests that an open market for aggregated sensor data, while beneficial for commerce and security, could equally assist criminals and spies in identifying vulnerable targets. Consequently, extensive parallel sensor fusion might compromise social cohesion if it conflicts with Fourth Amendment protections against unreasonable searches. Broadly, the intelligence community perceives the Internet of Things as a substantial data source.

On January 31, 2019, The Washington Post published an article detailing the security and ethical issues associated with IoT doorbells and cameras. The report highlighted an instance where Ring permitted its team in Ukraine to access and annotate specific user videos, although the company stated it only reviewed publicly shared content and videos from consenting owners. Additionally, the article described a case where a hacker exploited a weak password to gain control of a California family's Nest camera, broadcasting false missile attack warnings and surveilling the residents.

Concerns regarding IoT security have prompted various responses. The Internet of Things Security Foundation (IoTSF) was established on September 23, 2015, with the objective of enhancing IoT security through the dissemination of knowledge and best practices. Its inaugural board comprises representatives from technology providers and telecommunications firms. Furthermore, major IT corporations are consistently developing advanced solutions to safeguard IoT devices. In 2017, Mozilla introduced Project Things, a platform designed to route IoT devices via a secure Web of Things gateway. According to projections by KBV Research, the global IoT security market is anticipated to expand at a compound annual growth rate of 27.9% between 2016 and 2022, driven by increasing infrastructural concerns and the diverse applications of the Internet of Things.

Some argue that governmental regulation is essential for securing IoT devices and the broader Internet, contending that market incentives alone are inadequate. Research has revealed that the inherent design of many IoT development boards leads to the generation of predictable and weak cryptographic keys, rendering them susceptible to man-in-the-middle attacks. Nevertheless, numerous researchers have proposed various hardening strategies to address vulnerabilities stemming from weak SSH implementations and compromised keys.

IoT security in the manufacturing sector poses distinct challenges and elicits diverse viewpoints. Within the European Union and Germany, data protection is a recurring theme in manufacturing and digital policy, particularly concerning Industry 4.0 (I4.0). However, the approach to data security diverges from an enterprise perspective, where there is a tendency to emphasize less stringent data protection, such as GDPR, given that data collected from IoT devices in manufacturing typically does not contain personal details. Despite this, studies indicate that manufacturing specialists express apprehension regarding "data security for protecting machine technology from international competitors with the ever-greater push for interconnectivity."

Safety

Internet of Things (IoT) systems are generally managed by event-driven smart applications that process inputs such as sensed data, user commands, or external triggers from the Internet. These applications then direct one or more actuators to facilitate various forms of automation. Illustrative examples of sensors encompass smoke detectors, motion sensors, and contact sensors. Conversely, actuators include devices like smart locks, smart power outlets, and door control mechanisms. Prominent control platforms enabling third-party developers to create smart applications that wirelessly interface with these sensors and actuators include Samsung's SmartThings, Apple's HomeKit, and Amazon's Alexa, among others.

A specific challenge within Internet of Things (IoT) systems involves the potential for faulty applications, unforeseen interactions between applications, or device and communication failures to induce hazardous physical states. Examples include unlocking an entrance door when no one is present or deactivating a heater when the temperature falls below 0 degrees Celsius while occupants are asleep. Identifying flaws that precipitate such states necessitates a comprehensive understanding of installed applications, component devices, their configurations, and, critically, their interactive dynamics. Recently, researchers at the University of California Riverside introduced IotSan, a novel and practical system that employs model checking to uncover "interaction-level" flaws by pinpointing events capable of leading the system into unsafe conditions. IotSan was evaluated on the Samsung SmartThings platform, where it detected 147 vulnerabilities (i.e., violations of safe physical states or properties) across 76 manually configured systems.

Design

Given the widely acknowledged evolving nature of Internet of Things design and management, the sustainable and secure deployment of IoT solutions mandates a design approach that accommodates "anarchic scalability." This concept can be extended to physical systems, specifically controlled real-world objects, by engineering them to account for uncertain future management scenarios. Such robust anarchic scalability offers a pathway to fully realize the potential of IoT solutions by judiciously constraining physical systems, thereby enabling diverse management regimes without risking physical failure.

Michael Littman, a computer scientist at Brown University, has asserted that the successful implementation of the Internet of Things requires careful consideration of interface usability in addition to the underlying technology. These interfaces must not only be more user-friendly but also better integrated, as he argues, "If users need to learn different interfaces for their vacuums, their locks, their sprinklers, their lights, and their coffeemakers, it's tough to say that their lives have been made any easier."

Environmental Sustainability Impact

A significant concern regarding Internet of Things technologies pertains to the environmental repercussions stemming from the manufacturing, operational use, and eventual disposal of these semiconductor-rich devices. Modern electronics are replete with various heavy metals, rare-earth metals, and highly toxic synthetic chemicals, which render their proper recycling exceptionally challenging. Consequently, electronic components are frequently incinerated or deposited in standard landfills. Furthermore, the human and environmental costs associated with mining the rare-earth metals essential for contemporary electronic components continue to escalate. This situation raises critical societal questions concerning the lifelong environmental impacts of IoT devices.

Intentional Obsolescence of Devices

The Electronic Frontier Foundation (EFF) has voiced concerns that corporations may leverage the technologies supporting connected devices to intentionally disable or "brick" customer devices through remote software updates or by deactivating essential operational services. For instance, home automation devices initially sold with a "Lifetime Subscription" were rendered inoperable after Nest Labs acquired Revolv and subsequently decided to shut down the central servers that the Revolv devices relied upon. As Nest is a subsidiary of Alphabet (Google's parent company), the EFF contends that this action establishes a "terrible precedent for a company with ambitions to sell self-driving cars, medical devices, and other high-end gadgets that may be essential to a person's livelihood or physical safety."

Device owners should ideally possess the freedom to redirect their equipment to alternative servers or collaborate on developing improved software. However, such actions typically contravene Section 1201 of the United States Digital Millennium Copyright Act (DMCA), which provides only a limited exemption for "local use." This legal framework places enthusiasts who wish to continue utilizing their own equipment into a precarious legal grey area. The EFF advocates that consumers should decline to purchase electronics and software that prioritize the manufacturer's prerogatives over their own.

Examples of post-sale manipulations include the disabling of Google Nest Revolv devices, modifications to privacy settings on Android, Sony's removal of Linux functionality from the PlayStation 3, and the enforcement of End-User License Agreements (EULAs) on the Wii U.

Confusing Terminology

Kevin Lonergan, writing for the business technology publication Information Age, characterized the terminology surrounding the Internet of Things (IoT) as a "terminology zoo." He asserted that this lack of definitional clarity is neither "useful from a practical point of view" nor conducive to avoiding "confusion for the end user." A company operating within the IoT domain may engage with diverse technologies, including sensor systems, networking, embedded systems, or data analytics. Lonergan further noted that the term IoT predates the widespread adoption of modern smartphones, tablets, and similar devices. He identified an extensive list of related terms exhibiting varying degrees of overlap and technological convergence, such as Internet of Things, Internet of Everything (IoE), Internet of Goods (supply chain), Industrial Internet, pervasive computing, pervasive sensing, ubiquitous computing, cyber-physical systems (CPS), wireless sensor networks (WSN), smart objects, digital twin, cyberobjects or avatars, cooperating objects, machine to machine (M2M), ambient intelligence (AmI), Operational Technology (OT), and Information Technology (IT). For the Industrial Internet of Things (IIoT), a specialized industrial subset of IoT, the Industrial Internet Consortium's Vocabulary Task Group has developed a "common and reusable vocabulary of terms" to ensure "consistent terminology" across its publications. Additionally, IoT One maintains an IoT Terms Database, which includes a New Term Alert feature for notifying users of newly published terms. As of March 2020, this database comprehensively aggregates 807 IoT-related terms, striving for "transparent and comprehensive" material.

Adoption Barriers

Interoperability Deficiencies and Ambiguous Value Propositions

Despite a collective acknowledgment of the IoT's transformative potential, both industry leaders and consumers encounter significant obstacles hindering its widespread adoption. Mike Farley, in an article for Forbes, contended that while IoT solutions may appeal to early adopters, they frequently suffer from either a lack of interoperability or an unclear use case for general end-users. A study conducted by Ericsson on IoT adoption among Danish companies indicated that many organizations struggle "to pinpoint exactly where the value of IoT lies for them."

Privacy and Security Concerns

In the context of IoT, particularly consumer IoT, data pertaining to a user's daily routines is collected to enable interconnected devices to collaborate and deliver personalized services. However, when this detailed user information traverses multiple network hops, owing to the diverse integration of services, devices, and networks, the data stored on a device becomes susceptible to privacy violations through compromised nodes within the IoT network.

For instance, on October 21, 2016, a series of distributed denial-of-service (DDoS) attacks targeted systems operated by Dyn, a domain name system provider, rendering several prominent websites, including GitHub and Twitter, inaccessible. This attack was executed via a botnet comprising a vast number of IoT devices, such as IP cameras, network gateways, and even baby monitors.

Fundamentally, an IoT system necessitates four primary security objectives: (1) data confidentiality, ensuring unauthorized parties cannot access transmitted and stored data; (2) data integrity, requiring the detection of both intentional and unintentional corruption of transmitted and stored data; (3) non-repudiation, preventing a sender from denying the transmission of a specific message; and (4) data availability, guaranteeing that transmitted and stored data remains accessible to authorized parties, even amidst denial-of-service (DoS) attacks.

Information privacy regulations necessitate that organizations implement 'reasonable security' protocols. California's SB-327, for example, mandates that manufacturers of connected devices equip them with reasonable security features. These features must be appropriate for the device's nature, function, and the information it may collect, contain, or transmit, designed to protect against unauthorized access, destruction, use, modification, or disclosure. However, establishing what constitutes 'reasonable security' and identifying potential business risks can be challenging due to the unique environment of each organization. Similarly, Oregon's HB2395 requires a person that manufactures, sells or offers to sell connected device manufacturer to integrate reasonable security features into connected devices, protecting the connected device and the information it collects, contains, stores or transmits stores from unauthorized access, destruction, modification, use, or disclosure.

Antivirus provider Kaspersky reported 639 million data breaches involving IoT devices in 2020, with this figure escalating to 1.5 billion breaches during the first half of 2021.

The implementation of standards and device certification represents a strategy to mitigate safety concerns. In 2024, the United States introduced two voluntary and non-competing initiatives: the US Cyber Trust Mark, overseen by The Federal Communications Commission, and the IoT Device Security Specification from the Connectivity Standards Alliance (CSA). These programs integrate international expertise, exemplified by the recognition of the CSA mark by the Singapore Cybersecurity Agency. Adherence to these standards ensures that IoT devices are better equipped to resist hacking attempts, control hijacking, and the theft of confidential data.

Conventional Governance Structures

Research by Ericsson on Internet of Things (IoT) adoption among Danish companies revealed a fundamental conflict between IoT implementation and existing corporate governance structures. This conflict arises because IoT introduces significant uncertainties and lacks historical precedents within traditional business frameworks. A substantial proportion of interviewed respondents, specifically 60 percent, indicated a perceived deficiency in their organizational capabilities, while three out of four believed they lacked the necessary processes to capitalize on IoT opportunities. This situation underscores the importance of comprehending organizational culture to facilitate effective organizational design and to experiment with novel innovation management strategies. Furthermore, the absence of robust digital leadership during the era of digital transformation has impeded innovation and IoT adoption. Consequently, many companies, confronted with uncertainty, adopted a wait-and-see approach, deferring IoT initiatives until market dynamics became clearer or until competitor actions, customer demand, or regulatory mandates necessitated engagement. Such companies risk being 'kodaked,' a term referencing Kodak's decline as a market leader when digital disruption superseded film photography. This phenomenon describes organizations that fail to recognize disruptive forces impacting their industry and neglect to embrace the new business models emerging from transformative change. Scott Anthony, writing in the Harvard Business Review, observed that Kodak developed a digital camera, invested in the technology, and even understood the potential of online photo sharing. However, the company ultimately failed to grasp that "online photo sharing was the new business, not just a way to expand the printing business," thereby missing the core disruptive shift.

Strategic Business Planning and Project Management

A 2018 study indicated that 70–75% of IoT deployments remained in the pilot or prototype phase, failing to achieve scalability, partly attributable to insufficient business planning.

Despite global efforts by scientists, engineers, and managers to develop and leverage the advantages of Internet of Things (IoT) products, deficiencies persist in the governance, management, and implementation of these initiatives. Notwithstanding significant advancements in information and related foundational technologies, IoT remains an intricate domain, necessitating a reevaluation of current project management methodologies. Consequently, IoT projects require distinct operational approaches compared to conventional IT, manufacturing, or construction endeavors. The extended timelines, scarcity of specialized personnel, and inherent security and legal complexities associated with IoT projects mandate the development of novel, purpose-built project processes. Implementing the subsequent management strategies is anticipated to enhance the success rates of IoT projects:

• A distinct research and development phase.
• The establishment of a Proof-of-Concept or Prototype prior to project initiation.
• Project managers possessing interdisciplinary technical expertise.
• Standardized business and technical terminology.

Notes

Notes

References

Bibliography

• Acharjya, D.P.; Geetha, M.K., editors (2017). Internet of Things: Novel Advances and Envisioned Applications. Springer. page 311. ISBN 978-3-319-53472-5.Li, S.; Xu, L.D., editors (2017). Securing the Internet of Things. Syngress. page 154. ISBN 978-0-12-804505-3.Rowland, C.; Goodman, E.; Charlier, M.; et al., editors (2015). Designing Connected Products: UX for the Consumer Internet of Things. O'Reilly Media. page 726. ISBN 978-1-4493-7256-9.Thomas, Jayant; Traukina, Alena (2018). Industrial Internet Application Development: Simplify IIoT development using the elasticity of Public Cloud and Native Cloud Services. Packt Publishing. page 25. ISBN 978-1-78829-859-9.Stephenson, W. David (2018). The Future Is Smart: How Your Company Can Capitalize on the Internet of Things—and Win in a Connected Economy. HarperCollins Leadership. page 250. ISBN 978-0-8144-3977-7.Source: TORIma Academy Archive