Cipher Book Review, Issue E140

The Internet of Risky Things - Trusting the Devices That Surround Us
by Sean Smith

O'Reilly Media 2017
ISBN-13 978-1-491963623, 240 pages

Reviewed by Sven Dietrich, Sep. 17, 2017

The Internet is much more than the traditional platforms of big servers, desktops, laptops, and mobile phones; its growth now encompasses embedded devices, such as DVRs, thermostats, cameras, networked speakers, remote-controlled light bulbs and more, i.e. the "Internet of Things (IoT)". Sean Smith provides an excellent overview in "The Internet of Risky Things" with examples to make us stop and think about security issues.

Written as a series of anecdotes about security and embedded devices spanning many years, quotes from researchers, papers, and articles, and interspersed with the occasional picture of an embedded device logic board or an XKCD comic to illustrate a point, the book is a great introduction to IoT's issues of security and trust. The stories, whether factual occurrences or dystopian warnings, paint an easily followed framework, where the reader can dip into a large collection of references at the end of each chapter. The reading level of the references goes from news articles to full-fledged research articles relevant to the topic, making an easy entry to each topic as well as an opportunity to strengthen existing knowledge. Along the way, Sean Smith shares his classroom experience teaching this fascinating topic in his role as computer science faculty at Dartmouth College.

A quick rundown of the ten chapters follows. The first chapter, "Brave New Internet", is a quick intro to the already changed landscape of the Internet as mentioned above. Next, "Examples and Building Blocks" shows examples of making embedded devices connect to the Internet. The third chapter, "The Future Has Been Here Before", reminds us that there have been serious incidents with Internet-connected real-world devices in the past, such as radiation-emitting medical devices, even if the scale of connectivity was not the same. Following that, "Overcoming Design Patterns for Insecurity" documents several categories of security design flaws for embedded devices that garnered attention. The fifth chapter, "Names and Identity in the IoT", covers the aspect of authentication for the IoT devices, as the scale of deployment of those devices is unprecedented.

"The Internet of Tattletale Devices" reminds us that we entrust information about ourselves and our habits to the IoT, where it can be either observed or queried by parties that we do not necessarily want to share it with, leading to privacy violations and possible surveillance. The seventh chapter, "Business, Things, and Risks", considers business cases for IoT and its consequences. That is succeeded by "Laws, Things, and Society", which muses on the impact of IoT devices on legal issues for international and transborder concerns. The ninth chapter, "The Digital Divide and the IoT", examines how the IoT could exacerbate the digital divide which is already present with the Internet of Computers. Finally, "The Future of Humans and Machines" talks about the larger impact on humanity of choosing to adopt IoT devices, mental models, the ethical considerations, and whether or not IoT is truly for the betterment of society.

I hope you will enjoy reading this book as much as I did. Sean Smith is a seasoned researcher and expert in his field, and shares his knowledge with the reader in an accessible, easy, yet thought-provoking manner.

Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org