Over the recent years, IoT systems have evolved as systems of interrelated physical objects equipped with computing, sensing and networking capabilities enabling the objects to collect and exchange data without requiring human-to-human or human-to-computer interaction. An IoT system allows physical objects to be sensed and controlled autonomously, enabling for a more direct integration of the physical world into computer-based systems. “Things” in the sense of IoT may refer to a wide variety of objects, such as, e.g., persons with heart monitor implants, animals with biochip transponders, automobiles with built-in sensors, or any other natural or man-made objects that can be assigned a unique identifier, typically an IP address, and that can be provided with the ability to transfer data over a network.
An IoT system typically comprises sensors and actuators that provide and receive data from a cloud through gateways or data aggregators. Analytics engines may be used to analyze the gathered data to make decisions affecting and controlling objects in the IoT environment. Analytics engines may, on the one hand, perform so called “cloud analytics” where data analytics processes are provided through a public or private cloud computing environment. Analytics engines may, on the other hand, also run in the field, e.g., on edge nodes of a network, such as on the sensors themselves, network switches or other devices outside the cloud, and perform so called “edge analytics” without a need to send the data to the cloud for analysis purposes.
In an example, industrial manufacturing machines may be connected to an IoT system and streaming data from these machines may create massive amounts of operational data. By performing analysis of the data through analytics engines, control information may be derived and applied to the machines to preserve or enhance their operational state. Also, a likely failure of a specific part of a particular machine may be identified and the machine may automatically be shut down. An alert may be sent to a plant manager so that the part can be replaced or the failure otherwise be fixed.
Typically, analytics computations are performed on plaintext of the gathered data, thereby opening security holes enabling hackers that gain access to the relevant computing systems to manipulate the control of the objects, to get knowledge of the reported data (confidentiality) and/or to silently compromise a precious database by injecting corrupted data (integrity) in the IoT environment.