Sanjay Sarma.
Sanjay Sarma.

IoT is not hype, but it’s also not some magic technology: Sanjay Sarma

Governments can play a role in IoT standards but not by over-legislating, says MIT's Sarma

Sanjay Sarma, vice-president for open learning at the Massachusetts Institute of Technology (MIT), believes that the Internet of Things (IoT) ecosystem will work only if security is made part of the architecture and not implemented as an afterthought. He should know, having played a part in developing the radio frequency identification (RFID) prototcol, which can also be used to make the “cheapest sensor possible" for IoT.

Sarma was a key speaker at the SingularityU India Summit held in February in association with INK, which hosts events like INKtalks.

Sanjay Sarma, 47Sarma got his bachelor’s degree from IIT Kanpur, his master’s from Carnegie Mellon University and his PhD from the University of California at Berkeley. He has authored more than 75 academic papers in computational geometry, sensing, radio frequency identification, automation and computer-aided design. He also serves on the boards of GS1, EPCglobal, several start-ups and edX, the not-for-profit set up by MIT and Harvard.

In a phone interview, Sarma, who also leads the office of digital learning which oversees MIT OpenCourseWare and supports the development and use of digital technology for on-campus teaching and massive open online courses, shared his thoughts on how open online courses can reform education. Edited excerpts:

How do you build a secure IoT system?

IoT has been around for quite some time. It was a colleague of mine (Kevin Ashton) who came up with the term Internet of Things. The important thing to understand is that IoT is not a technology. It’s an idea—a design language. And it’s nothing like the Internet and if referred to as an extension of the Internet, that’s a misnomer.

IoT is all about extracting value from systems by connecting and automating certain actions. For example, when I went to Peru for Christmas, my IoT thermostat—the Nest (owned by Nest Labs that was acquired by Google Inc. in January 2014)—which I had installed two years ago, sent me a message suggesting that I turn the heating down because no one was at home. I suspect that I saved tens of dollars because my house is old and drafty.

There are several elements to how you build a secure IoT system. The first is that you cannot add security afterwards. Security has to be at the core of the design. You also need an architecture that enables security. For instance, you may have sensors in the house, and microcontrollers and motors connected with Wi-Fi. Everything may look hunky-dory with you automatically turning the valves on and off. The challenge is if someone hacks into your Wi-Fi network and gets control of the valves. We have very good security tools but you have to use tried-and- tested standards and protocols. A lot of reinvention is going on, which bothers me.

What kind of reinvention are you referring to, and how does it affect security?

Let’s consider the case of a remote factory, in which people at the head office want to monitor the temperature of the pipes and valves, and maybe even have motors that close the valves remotely. The implementation is mostly patchwork in such cases. For example, one consultant may use Bluetooth low-energy to attach the first set of sensors to the motors. Consultant B comes in and implements a ZigBee connection between the motors and the controller. Consultant C comes in and uses Wi-Fi to connect to the camera. So you end up with three different topologies and standards. Now if a valve breaks, a fourth consultant is called in and he will have to figure out which of the three protocols to replace. So he may have to compromise to set up something that works.

A better way to do it is to have an avatar (a proxy, which represents a person or product) for, say, a valve or a motor—it is a very simple design metaphor—and take the avatar to the cloud. So, you will end up replicating the product in the cloud and end up having a cloud valve or a cloud motor. All the connections will be made in the cloud. Now, if you want to have the motor turn up the temperature of the valve in places, you can do so. This kind of an architecture enables you to leave the details of hardware alone and focus on making the hardware in the cloud very secure. This will also make it less expensive.

Is IoT much hyped, given that the popular talk is mostly around wearables and consumer IoT?

Even if you lose a couple of zeros from the numbers being put out on forecasts for IoT revenues, you have to take the opportunity seriously. Consider factories, and look at the number of factories where machines are on when nothing is happening; the number of lights that are on in homes when no one is there. We are pretty inefficient. IoT wraps a layer of intelligence around these products to unleash their potential.

IoT is not hype. What is being hyped is inflating IoT to some magic technology—without thinking of how to implement it safely and securely.

In this context, are there good-enough standards for IoT devices to make them work efficiently and securely?

Consider the host of wireless standards that we have. To name some: ZigBee, Wi-Fi, Bluetooth and Z-Wave. I played a part in developing the RFID protocol, which can also be used for the Internet of Things. A lot of folks think that there are so many protocols because of lack of coordination. This is only partly true. The reason they are different is because they also support different battery profiles, bandwidth profiles, data-rate profiles, etc. So a very low-cost sensor may need a different protocol than a video camera.

In sum, you may need different wireless protocols. Hence, abstraction (referring to the avatar example cited above) becomes important. It basically means that users just want to connect things to each other. Why should they be bothered with which protocol? That is why this abstraction approach, which is called the Web of Things or Cloud of Things, makes it independent of protocols.

Is this something you look at as a board member of EPCglobal?

What I was talking to you is not so much about the use of standards. Rather, it is the reuse of standards. EPCglobal has no control of what protocol you use to connect a product to the cloud. We encourage the RFID protocol and we push it very hard because it enables the cheapest sensor possible. The W3C (World Wide Web Consortium) has a Web of Things standard. And this to me is very exciting. My role is to ensure that people take advantage of the EPC RFID standard where possible and to encourage efforts like that of the W3C.

Are governments serious about IoT?

Let’s talk about Smart Cities as an example. I would respectfully state that before a country like India thinks of building Smart Cities, it should stop building Dumb Cities. What I mean is that you can build a smart city if you follow your master plan. If you can’t stop encroachment or have poor sanitation, for instance, you are not following good practices that are age-old ones.

Also, putting Wi-Fi at a railway station is not IoT. Governments can play a role in IoT standards but not by over-legislating because this is a fast-moving field and one cannot become quickly obsolete. So, you can’t have a policy that comes up once in five years.

You are currently dean of digital learning. What does this role entail?

If you look at educational practices in ancient India and countries like China, Greece, etc., you will realize that a lot of it was based on knowledge sharing through discussions, interactions and apprenticeship, and so on. Today, you have teachers talking at students.

Why should we assume that this is the right way? If you understand how the brain works, you ought to be questioning that approach. For instance, you realize that learning is best done in short chunks—something like 10-minute chunks as opposed to hour-long sessions. A lot of discussion also helps, because it enables one to digest the information.

Learning should also be accompanied by a lot of questioning. This encourages the learner to re-examine what they’ve learnt, helps the brain organize information and enable transfer from short-term to long-term memory. These are powerful examples of what we need to do.

This is where technology helps. For instance, it helps tune questions to individual students. Digital learning is bringing these tools to education. Once you develop these tools, you can also create an online course.

You are now taking on the challenge of becoming a V-P for open learning at MIT. This appears to be a new challenge...

Over the last couple of years, we at MIT have been putting together a team of researchers who are looking at how the brain operates, the economics of learning, behavioural psychology of learning, and discipline-based education research (which is how you explain mechanics or say, history).

Last month, we launched the MIT Integrated Learning Initiative—a sort of an intellectual backbone for all the offerings we are putting together. This exciting development necessitated a change in my role.

Close