The simplest definition of the Internet of Things (IoT) is that it is a giant network of connected things (application, devices, and people). Information sharing and data flow between things are at the core of this technology. IoT describes the domain where just about everything can be connected and communicated with in a smart manner.
The Internet of Things allows objects and entities to be sensed and controlled remotely across existing network infrastructure, creating opportunities for integration between the physical world and the smart systems, resulting in improved efficiency, accuracy, and economic benefit.
Today, people across the world are heavily dependent on IoT, which is touching every facet of our lives. The various application areas for IoT include wearables, smart retail, smart home, connected health, etc. All of these things need to be tested and validated to ensure the quality and the accuracy of the associated data. Quality assurance in IoT thus refers to the validation process of various aspects associated with communication, computing, and, of course, the software, which remains an integral part of IoT.
According to Gartner, the Internet of Things base will grow to approximately 26 billion units by 2020. Based on TMT predictions in 2015 by Deloitte, IoT and corresponding connectivity revenues are growing at about 10-20% annually, while the apps, analytics, and services are increasing even more rapidly, at 40-50%. But very few parameters exist to check and ensure the quality of these IoT-enabled devices and machines from a quality and security perspective. The following sections will provide a comprehensive analysis of approach and methodologies that can be used for securing and testing IoT-enabled devices and the various challenges and complexities involved when compared with the traditional approach.
According to Gartner, IoT product and service suppliers will generate incremental revenue pg more than $300bn, generally in services, in 2020. It will result in $1.9tn in global economic value added through sales into diverse end markets. Creating a robust and reliable IoT system thus becomes an important point of focus, with an approach to test the IoT-enabled systems and people focusing on applications and devices.
Internet of Things (IoT)
IoT has been the most pertinent word in the technology space and the engineering circles over the past few years. With increasing demand for cutting edge devices such as smartphones, tablets, electric cars, and wearable devices, the Internet of Things is most likely to transform and shape the technology ecosystem with many more devices going to be ready for this technology in the coming years.
The concept of this technology is very simple: Connect all things to the Internet. The 'things' here may refer to computer-based smart devices with sensor and network communication functionality, which includes devices such as smartphones, webcams, microphones, medical diagnostics devices, smart watches, and even vacuum-cleaning robots. IoT requires smart elements or units to make it running. An IoT unit is any device or system that is used for communication between systems and devices through the internet. “The Internet of Things is the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment,” in Gartner’s definition.
IDC estimates that, toward the end of 2013, there were 9.1 billion IoT units installed. It expects the installed base of IoT units to grow exponentially at 17.5% CAGR over the forecast period to 28.1 billion in 2020. As per the IDC market report, the IOT market will grow from approx. $655.8bn in 2014 to a humungous $1.7tn in 2020, with a Compound Annual Growth Rate (CAGR) of 16.9%.
IoT has made great progress in the technology market of wearable devices. There is a recent trend toward people getting smart watches, health bands, and eyewear and using them in tandem to for health and fitness purposes. There are serious talks of wide usage of smart attires and body-embedded technologies as well. All this will be connected through the Internet, to give a boost to the IoT technology.
Assessing embedded and Internet of Things devices
There is a strong need for the traditional software quality assurance and security models to evolve along with IoT. Quality assurance and security teams should start focusing more on usability testing, simulating the environment where the devices will be used, making sure information is exchanged in a secure manner and that the performance of these devices are not affected. Today, the IOT space mainly comprises the mobile and embedded systems. Thus, the general test approach for testing has to be significantly different from the traditional way of testing desktop or Web applications.
The quality assurance and security teams must create use cases and test scenarios that go beyond the use of mouse and keyboard to interact with these embedded devices They should take into account the body movements, voice commands, and touch and sensors utilisation while designing the tests and, at the same time, they should focus more on the usability and performance aspects of these devices. The key for quality assurance and security teams to achieve quality testing is to think about the way the user interacts with mobile or embedded IOT devices. Since all of these devices actually function with us, testing how the user experiences these devices becomes imperative. If we do not test the user interaction, our assessments and decisions of quality will be lacking some of the most important information needed to determine whether or not the devices are ready to be catered securely to the customer. Why is user experience testing so important to IOT devices?
In general, testing should include all things physical, including sizes, shapes, and genders of the users. It should also include testing all sensory reactions including sight, sound, and touch, along with orientation, or the interaction with human movement. All these are incredibly crucial parts of the test. Finally, we must consider the value and most thoroughly test in terms of the user’s perceptions, mindsets, biases, and emotions when interacting with the IOT devices.
The first step towards adopting the user experience approach is to understand the end user’s/customer’s requirements. When testing a new device, one can observe contributors using the corresponding device in prototype lab. In this setting, they can observe and focus on their reactions and possibly discuss with them their feedback and responses to the device. Thus, the key to following a test approach for user experience testing involves not only 'field' testing but also testing in the real environment in which the customer is present.
Below are some of the test scenarios that could be created as part of IOT testing and security:
Figure 1 shows that IoT, as of now, is highly vulnerable and is not a foolproof system. An aggressive approach to IoT testing by building a framework and executing different types of testing can only help in making the ecosystem robust.
Although it is one of the most critical areas in testing IoT apps and services, security testing is often overlooked due to market pressure on companies to launch new products/releases. Also, there is at times a lack of understanding security testing by the IoT manufacturers. Needless to say, security testing is very critical and cannot be missed, as the device’s behavior affects the end user’s everyday life and the device can actually be configured through a wireless connection, remotely. So one can imagine how vulnerable these devices become if these devices are wrongly configured intentionally! As an example, taking control of an IoT system of another user by cutting off its transmission can be done by an IoT system remotely. Thus, security testing must assure that the system is accessed only by an authorised user and the information exchanged between the device and the system is not intercepted and modified by a hacking attack. A few security features that can be included as part of security testing in an IoT ecosystem are insufficient authentication/authorisation, insecure network services, privacy concerns, insecure software/firmware, lack of transport encryption, etc.
Nowadays there are many applications that can expand the existing connected systems. However, different organisations need to perform appropriate testing on the IoT applications before they go live, get connected, and start transferring data. The role of quality assurance and security is therefore very important, because it involves testing the hardware and software and sending to and fro huge amounts of real-time intelligence. The main challenges and solutions that quality assurance and security managers have faced include:
The common security observation
Across industry, the following observations relate to people, processes, or technology that are the most common root cause for lack of security in IOT:
In a nutshell, IoT security and testing complexities go beyond devices and sensors to include the added complexity that comes with a big volume of data transaction and communication (i.e., huge volume, velocity and variety), which makes testing of real-time IoT certification a major headache.