Common Myths About IP Networking for IoT
IP (Internet Protocol) has long been the established standard to interconnect computing devices on networks ranging in size from spanning the globe (the Internet) to local networks in homes and office buildings. The benefits of all of these networks being based on the same networking protocol are clear: easy connectivity, end-to-end addressing and security, and great flexibility and choice of both physical transports and applications. And due to economies of scale, IP-based solutions are widely available at affordable price levels.
It is no wonder that IoT and smart home/smart building applications are also rapidly moving towards IP. New initiatives are almost always built from the ground-up based on IP, and many of the well-established standards are either offering an IP-based alternative, or moving their technology to IP altogether.
As we see the global transition of commercial IoT markets towards IP-based solutions, it is important to clarify some concepts. This helps avoid misinterpretations and myths, as IP-based technologies often get explained in the context of legacy, non-IP solutions.
Let’s address some of the most common myths.
Some people mistakenly think that IP-based IoT networks are more vulnerable to external attacks, simply because they are based on technologies that are also common on the internet. They suggest that since every device has an IP address, it can be reached from “outside” of the network, hence being an easier target for malicious attacks.
First of all, IoT devices being based on IP does not necessarily mean that the devices are connected to the public internet, or even to the local corporate IT network. An IP-based IoT network can operate entirely on its own, while still leveraging some of the benefits that IP has to offer (like the flexibility of application layers that can be used simultaneously).
Even when the IoT devices do form part of the building’s network infrastructure, they are actually far better protected against attacks than legacy IoT protocols that are bridged to the building’s network. Because IP-based IoT devices act and operate in the same way as other IP-based devices on the network (like computers and printers), they can leverage the same protection mechanisms and security measures.
In cases where the IoT network can access the public internet, it’s likely that such a connection can only be initiated from within that IoT network, unless the system administrator configures the firewall such that the devices are available from the internet.
Any encryption method that is applied on the network extends to the IoT network as well. To avoid “packet sniffing”, wireless technologies need additional forms of security, which are available in popular IP-based wireless technologies. Any measures that are in place to authenticate devices and grant access permissions can also be used for the IoT products. IP networks can leverage many well-tested and well-thought-through solutions, as today’s baseline security standards have been designed with IP in mind. Administrators and network architects can use existing transport layer security for local links, use a VPN for outside connections if desired, and apply these to the IoT devices too. It is even possible to assign all IoT devices to a separate VLAN, so that they act as a completely separate virtual network, with only the necessary interconnects to the rest of the IP infrastructure in place.
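The two points above (connections may only be initiated from within the IoT network unless the firewall says otherwise, and the IoT devices sit on their own VLAN with only the necessary interconnects) can be made concrete with a small stateful-filter model. This is an added example, not code from the original article; the address ranges, the building-management host and the packet sequence are all constructed, and the rule set is an assumed policy (IoT devices may fetch HTTPS updates, the management server may poll BACnet/IP on UDP 47808, everything else into or out of the VLAN is dropped).

```python
from ipaddress import ip_address, ip_network

IOT_VLAN = ip_network("10.20.0.0/16")   # assumed IoT VLAN
CORP_LAN = ip_network("10.10.0.0/16")   # assumed corporate LAN
BMS_HOST = ip_network("10.10.1.5/32")   # assumed building-management server

# Explicitly allowed *new* connections: (src_net, dst_net or None, proto, dport).
# A dst_net of None means "anywhere"; nothing else may open a connection
# into the VLAN, and the devices may only open HTTPS outward.
ALLOW_NEW = [
    (IOT_VLAN, None, "tcp", 443),        # IoT -> anywhere, HTTPS (firmware updates)
    (BMS_HOST, IOT_VLAN, "udp", 47808),  # BMS -> IoT devices, BACnet/IP
]

def _matches(rule, src, dst, proto, dport):
    src_net, dst_net, r_proto, r_port = rule
    if ip_address(src) not in src_net:
        return False
    if dst_net is not None and ip_address(dst) not in dst_net:
        return False
    return proto == r_proto and dport == r_port

class StatefulFilter:
    """Connection tracking on the 5-tuple: once a flow is accepted, packets
    matching its reverse tuple are accepted as replies; all else is default-deny."""
    def __init__(self):
        self.established = set()

    def evaluate(self, src, sport, dst, dport, proto):
        key = (src, sport, dst, dport, proto)
        reverse = (dst, dport, src, sport, proto)
        if reverse in self.established:
            return "accept (established reply)"
        if any(_matches(r, src, dst, proto, dport) for r in ALLOW_NEW):
            self.established.add(key)
            return "accept (new, allowed)"
        return "drop"   # unsolicited traffic, whichever direction it comes from

def run_sample():
    """Constructed packet sequence; returns one verdict per packet."""
    fw = StatefulFilter()
    packets = [
        ("10.20.3.7", 50123, "203.0.113.10", 443, "tcp"),   # sensor fetches firmware
        ("203.0.113.10", 443, "10.20.3.7", 50123, "tcp"),   # update server's reply
        ("203.0.113.99", 40000, "10.20.3.7", 80, "tcp"),    # unsolicited inbound probe
        ("10.10.1.5", 47808, "10.20.3.7", 47808, "udp"),    # BMS polls a BACnet device
        ("10.10.4.20", 47808, "10.20.3.7", 47808, "udp"),   # other corporate host, not allowed
        ("10.20.3.7", 6000, "10.10.4.20", 445, "tcp"),      # IoT device into corporate LAN
    ]
    return [fw.evaluate(*p) for p in packets]
```

The third and fifth packets show the "reachable from outside" worry being handled by policy rather than by the protocol: an IP address on the device does not by itself make it reachable.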
In contrast, legacy, non-IP technologies rely on multiple proprietary technologies to implement security. The network/protocol translation logic in the gateways operates on an open, unencrypted portion of the end-to-end flow, which limits the ability to offer security through end-to-end encryption.
What’s more, with proprietary technologies it proves more complicated to update the devices with new firmware revisions (for example to apply security patches), since this is usually handled by the gateway or hub. If this hub is compromised, new firmware versions might not be installable at all.
IP-based IoT devices do not rely on a gateway or hub to translate network traffic; devices can directly contact trusted sources in the building network or on the internet without the risk of “man in the middle” attacks. On top of that, this makes patching software and applying new firmware versions far more straightforward and safer.
Apart from the aforementioned security measures that corporate IT-networks already deploy, and which can also be applied to IP-based IoT devices, these IP-based devices run IoT protocols which themselves also offer application-specific security features. Many of them can leverage years or even decades of engineering and development, and much of these technologies have been transferred to the IP-based versions of these standards.
In the end, you might conclude that IP-based IoT networks not only benefit from all of the security standards, protocols, tools and measures that have been developed for the IP protocol, but that IP-based devices are also far less vulnerable to the attacks that are common with hub/gateway-based systems, where a single compromised hub might take down the entire IoT network.
Add this to all of the other benefits that IP networking brings, such as being able to choose the physical networking technology, or a combination of them, that best fits the situation (like Ethernet, PoE, Wi-Fi, NB-IoT or Thread), or the ability to use multiple application protocols, even at the same time (like BACnet, KNX-IoT, or OCF), and it quickly becomes clear why the smart building world is moving rapidly towards IP as a versatile, interoperable, proven and secure networking technology.