“Curiouser and curiouser!” said Alice.” Alice didn’t know it, but she summed up nicely the IoT edge landscape. Just as Alice was constantly reacting to the new and unexpected dangers of Wonderland, the IoT edge presents new vulnerabilities that invite investigation and that should not be ignored, such as:
- Logistics mishandling which can pose unique risks at the edge;
- Infrastructure theft; and
- Direct tampering for extended durations of time.
A good example of a logistics mishandling is a “shipping abnormality” where a parcel is delivered to the wrong place. Think about how often you have experienced an e-commerce “shipping abnormality.” Now, what if that “shipping abnormality” was your pre-configured IoT edge server, ready for plug and play deployment? What would you be risking? Confidential company data? Customer’s private data? What news headlines might result? The IoT edge requires new security approaches for new user groups to complement the physical security mechanisms found in a traditional or cloud hosted datacentre. IoT edge infrastructure is not new, but as workloads continue to be pushed closer to data generation points, and prices of edge compute devices decrease, more and more devices are being purchased and deployed at the IoT edge. Meanwhile, the value of the data stored and processed on these IoT edge devices continues to increase.
Understanding the reality of the IoT edge
Unfortunately, infrastructure administrators cannot be at every IoT edge location to personally shepherd this growing vault of valuable data. Modern orchestration toolsets allow a wide array of security setup plus plug and play install, update and remote control of most purpose-built IoT edge devices. However, most of these devices have setup and operational tools that require a specialised skillset which is not commonplace for the typical IoT edge user. Security-related settings are deeply entrenched in setup and operational tools which are familiar to the infrastructure administrator back at the data centre – not with the IoT edge user who might be an employee in a location like a warehouse, grocery store, or construction site. This skill-gap is a vulnerability that inhibits the ability to establish and maintain security at the IoT edge.
Empowering the IoT edge user – no matter who it is
Understanding the IoT edge users’ capabilities and designing onboard security software with those specific needs in mind presents a huge opportunity to secure data. Providing tools that support the IoT edge user extends the reach of the infrastructure administrators and potentially saves cost and time to resolution when security situations arise. Together, the infrastructure administrator and the IoT edge user work together to establish and maintain security at the edge. This means if you need to add compute horsepower to a manufacturing plant to enable real-time data feedback, or a quick-serve restaurant operating a hyperconverged stack for digital signage, point of sale operations and gathering food safety compliance data, the “IoT edge” can be anywhere and still be secure.
Detecting and thwarting tamper and theft
Even if your IoT edge user and infrastructure administrators can securely set up and operate edge devices, tampering and theft are a huge vulnerability. However, what if the IoT edge infrastructure could detect tamper or theft situations and do something about them? Built-in sensor technology for detection of these situations is key. The Lenovo ThinkSystem SE350has an intrusion switch which can detect if the cover has been opened and secure the drives by encryption should such an event occur. See Figure 1.
Figure 1: Inside the ThinkSystem SE350, detail of intrusion switch.
Coupled with secure encrypted drive (SED) technology, the SE350 will encrypt all disk data as well as prevent power distribution to the host system. What’s more, this is how the system is shipped from Lenovo, therefore ensuring system security from point of manufacture. So how can an end user, say a retailer or manufacturer for example, actually use the SE350 at the IoT edge if it arrives with the drives encrypted and power not permitted to the host? Lenovo has developed the cloud managed ThinkShield Key Vault Portal and ThinkShield Edge Mobile Management mobile application to facilitate unlocking whether the system is internet connected or in a completely air gapped infrastructure. These systems provide infrastructure administrators centralized tools to manage unlocking of their fleet of IoT edge devices. The IoT edge user has a simple and secure way to participate in device and data security by unlocking the device locally via mobile application.
Figure 2: Activating a SE350 using ThinkShield Edge Mobile Management App
With the ThinkShield Edge Mobile Management App, the IoT edge user is guided through a seamless activation process which authenticates device, user and cloud in a matter of seconds. Unlocking and decryption after tamper event is also enabled via the ThinkShield Key Vault by utilizing the same mechanisms which unlocked the device from the factory state. See Figure 2.
So, is your IoT edge infrastructure secure? With new vulnerabilities being exposed daily, your security program may feel more like a journey than a destination. You can improve your overall security by adopting a proactive stance – one that seeks understanding of the IoT edge landscape, anticipates the unique needs of the users and utilizes the latest hardware and software security technologies.
Global players join forces for voice interoperability
Amazon and leading technology companies have announced the Voice Interoperability Initiative, a new program to ensure voice-enabled products provide customers with choice and flexibility through multiple, interoperable voice services. The initiative is built around a shared belief that voice services should work seamlessly alongside one another on a single device, and that voice-enabled products should be designed to support multiple simultaneous wake words.
More than 30 companies are supporting the effort, including global brands like Amazon, Baidu, BMW, Bose, Cerence, ecobee, Harman, Logitech, Microsoft, Salesforce, Sonos, Sound United, Sony Audio Group, Spotify and Tencent; telecommunications operators like Free, Orange, SFR and Verizon; hardware solutions providers like Amlogic, InnoMedia, Intel, MediaTek, NXP Semiconductors, Qualcomm Technologies, Inc., SGW Global and Tonly; and systems integrators like CommScope, DiscVision, Libre, Linkplay, MyBox, Sagemcom, StreamUnlimited and Sugr.
Notably, however, Amazon’s biggest competitors in the voice assistant space, Google Assistant and Apple Siri, are absent from the consortium. The inclusion of Microsoft’s Cortana means that it is more than just Amazon and friends, though.
“Multiple simultaneous wake words provide the best option for customers,” said Jeff Bezos, Amazon founder and CEO. “Utterance by utterance, customers can choose which voice service will best support a particular interaction. It’s exciting to see these companies come together in pursuit of that vision.”
The Voice Interoperability Initiative is built around four priorities:
- Developing voice services that can work seamlessly with others, while protecting the privacy and security of customers
- Building voice-enabled devices that promote choice and flexibility through multiple, simultaneous wake words
- Releasing technologies and solutions that make it easier to integrate multiple voice services on a single product
- Accelerating machine learning and conversational AI research to improve the breadth, quality and interoperability of voice services
Multiple, interoperable voice services deliver choice and flexibility for customers
Companies participating in the Voice Interoperability Initiative will work with one another to ensure customers have the freedom to interact with multiple voice services on a single device. On products that support multiple voice services, the best way to promote customer choice is through multiple simultaneous wake words, so customers can access each service simply by saying the corresponding wake word. Customers get to enjoy the unique skill and capabilities of each service, from Alexa and Cortana to Djingo, Einstein, and any number of emerging voice services.
Companies participating in the initiative – including Amazon, Baidu, BMW, Bose, Cerence, ecobee, Free, Harman, Microsoft, Orange, Salesforce, SFR, Sonos, Sound United, Sony Audio Group, Spotify and Tencent – are committed to adopting a similar technological approach, whether building voice-enabled products or developing voice services and assistants of their own.
“We’re in the midst of an incredible technological shift, in which voice and AI are completely transforming the customer experience,” said Marc Benioff, Chairman and co-CEO at Salesforce. “We look forward to working with Amazon and other industry leaders to make Einstein Voice, the world’s leading CRM assistant, accessible on any device.”
“We value freedom of choice, empowering listeners to choose what they want to listen to and how they want to control it,” said Patrick Spence, Sonos CEO. “We were the first company to have two voice assistants working concurrently on the same system, a major milestone for the industry. We are committed to a day where we’ll have multiple voice assistants operating simultaneously on the same device, and are working to make that happen as soon as possible.”
“Access to the music and podcasts you love should be simple, regardless of the device you’re on, or the voice assistant you use,” said Gustav Söderström, Chief R&D Officer, Spotify. “We are excited to join the Voice Interoperability Initiative, which will give our listeners a more seamless experience across whichever voice assistant they choose, including the ability to ask for Spotify directly.”
Developers and device makers have a shared commitment to customer trust, and will work together to protect the security and privacy of customers interacting with multiple voice services. Companies participating in the initiative will work to ensure this commitment extends to products that support multiple, simultaneous wake words.
Making multiple, simultaneous wake words more accessible for developers and device makers
Alexa machine learning and speech science technology is designed to support multiple, simultaneous wake words. As a result, any device maker building with the Alexa Voice Service (AVS) can build powerful, differentiated products that feature Alexa alongside other voice services.
Still, device makers interested in supporting multiple, simultaneous wake words often face higher development costs and increased memory load on their devices. To address this, the Voice Interoperability Initiative will also include support from hardware providers like Amlogic, Intel, MediaTek, NXP Semiconductors and Qualcomm Technologies, Inc.; original design manufacturers (ODMs) like InnoMedia, Tonly and SGW Global; and systems integrators like CommScope, DiscVision, Libre, Linkplay, MyBox, Sagemcom, StreamUnlimited and Sugr. As part of the initiative, these companies will develop products and services that make it easier and more affordable for OEMs to support multiple wake words on their devices.
“Giving people flexibility in how they interact with their PCs is foundational to a great user experience, and the mission of this initiative aligns with Intel’s Project Athena innovation program,” said Ran Senderovitz, vice president and general manager of Mobile Product Marketing, Client Computing Group at Intel Corporation. “We are excited to collaborate to drive the industry to scale voice experiences beyond the many 10th Gen Intel Core based systems expected to launch with multiple voice assistants this year.”
“Qualcomm chipsets allow multiple wake word engines to run simultaneously on a single device already, and we believe joining the initiative will help make these solutions accessible to more device makers and on more form factors,” said Rahul Patel, senior vice president and general manager, connectivity, Qualcomm Technologies, Inc. “We are excited to work closely with OEMs and developers to understand their needs in this fast growing area of innovation and to develop powerful and scalable solutions to support multiple services on voice-enabled products.”
Advancing the state of the art in machine learning and wake word technology
The academic community has played a vital role in advancing the core machine learning and conversational AI behind voice technology. Companies involved in the initiative will work with researchers and universities to further accelerate the state of the art in machine learning and wake word technology, from developing algorithms that allow wake words to run on portable, low-power devices to improving the encryption and APIs that ensure voice recording are routed securely to the right destination. This continued innovation will provide an important building block for long-term advancements that improve the quality, breadth and interoperability of voice services in the future.
“Customers want flexibility, in addition to greater value and functionality. They don’t want to be locked into using a specific voice service, and that means we’re going to see more households become multi-assistant environments,” said Mariana Zamoszczyk, senior analyst for Smart Living at Ovum. “This trend means that device makers and AI developers need to prioritize interoperability with other services, and work to deliver differentiated, personalized experiences through their own products or assistants.”
Participating companies will have more detail to share on the initiative and compatible products in the coming months. To learn more about the program and opportunities to get involved, visit http://developer.amazon.com/alexa/voice-interoperability.
Worker safety gets boosted by 3D-printing
Engineers from Jaguar Land Rover are working on the next generation of protective workplace clothing – a lightweight 3D-printed glove which could help better protect employees from the threat of a musculoskeletal disorder.
The 3D glove is designed for people working on the production line, for example those required to fit clips or fasteners into the chassis during assembly of Jaguar and Land Rover’s luxury vehicles.
Musculoskeletal disorders, which include more than 100 different types of conditions, make up around 30 per cent of all workplace injuries that result in time off* and account for a third of the money paid in compensation to employees. Musculoskeletal disorders affect an estimated 10% of the global population, rising to as much as 40% in certain industries**.
Engineers at Jaguar Land Rover’s Gaydon site – home to one of the largest 3D printing facilities in the UK – saw an opportunity to use the company’s advanced manufacturing expertise to design and 3D print a lattice-style structure which would provide support to reduce muscle fatigue, but also be flexible and comfortable enough to wear during an eight-hour shift. Using 3D computer-aided design (CAD) software, the team modelled designs in different densities using a variety of materials for testing.
Following feedback from trials, the team is now working on a second-generation prototype. It will include a foam pad made using impact additive D30 – a polymer material which absorbs impacts when placed under pressure. This will make the glove suitable for those who fit parts, such as door casings, using the palm of the hand.
In the short term the gloves will support workers across Jaguar Land Rover’s facilities, helping to protect against musculoskeletal disorders. These form part of a wider future plan to deploy a range of technologies to assist those with muscle weakness or patients who suffer from physical or neurological disorders – helping employees return to work.
Chris Noble, Additive Manufacturing Strategic Engineer for Jaguar Land Rover, says: “The health and wellbeing of our workforce remains our priority across all factories and facilities. Technologies like the 3D-printed glove allow us to use the world-leading expertise and equipment we have in-house to protect the hands of our makers, developing equipment that will make Jaguar Land Rover a great place to work, now and in the future.”
The Jaguar Land Rover Additive Manufacturing Centre produces over 80,000 parts a year for a variety of applications, including functional prototyping, design mock-ups and manufacturing assembly aids and fixtures. Jaguar Land Rover is also able to 3D print parts for production cars with the Jaguar XE SV Project 8 one of the first vehicles to use them.
The programme forms part of Jaguar Land Rover’s Destination Zero vision; an ambition to make societies safer and healthier, and the environment cleaner. Delivered through relentless innovation, the company’s focus is on achieving a future of zero emissions, zero accidents and zero congestion – across its facilities, and through its products and services.
*US Bureau of Labor Statistics (BLS); 2013
** BBC News