Internet of Things Presentation Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Introduction to IoT

The size of the IoT is expected to be immense: by 2020, 20–50 billion things are estimated to be connected as part of the IoT, leading some to predict an investment of US$1.7 trillion by 2020.
Allows for increased automation or action-at-a-distance.
IoT’s informational and communicative functions have direct physical impacts.
A physical target accessible through cyberspace is preferable for attackers to one that must be physically accessed.
There is a general consensus that the security of the IoT is worryingly underdeveloped.
The interconnection, via the Internet, of computing devices embedded in everyday objects, enabling them to send and receive data.

Informed Consent

A woman buys a vibrator, uses it, and discovers the company that built it is tracking just what she does with it and how often. And yes, she's suing.
A U.S. woman sued the company upon learning that the maker was “collecting information about her and other users’ preferred vibration settings, the dates and times the device is used, [and] the email addresses of [device] owners who had registered their devices . . . [obtaining] all this data without the permission of its users”.
People have the right to receive information and ask questions so that they can form well-considered opinions.
Stakeholders need to know what they are assenting to, and the “informed” part adds that component.
Informed consent requires something short of that, like knowing that some drug may cause nausea—exactly why the drug causes nausea is not necessarily so important.
EULAs: Tend to be too detailed, often running several pages filled with technical and legal jargon that is inaccessible to many users. Furthermore, the sheer length and density of these documents virtually ensures that users do not read them, instead clicking anything to make them go away.
Apple has 56 pages of terms and conditions. No one is going to read that!
As a way to deal with these issues, various commentators have proposed regulatory frameworks. Interestingly, this might come full circle to the medical context discussed from the outset as the sensitivity of personal medical data intersects with IoT applications, like Fitbits, Apple watches, and so on.


Gathering information can lead to profiling and undesired targeted communication.
Target mined a client’s purchasing habits, predicted that she was pregnant, and sent a mailer promoting baby items to her home. As it turns out, she was still in high school and, while she was in fact pregnant, her family did not know; they literally found out because of the mailer.
Even if the data is encrypted, the metadata can nevertheless reveal pertinent details.
Consider something like Amazon Echo which, by design, is always listening.
Smart homes are routinely communicating information back to manufacturers, not all of which is even encrypted.
Reveals the resident’s personal life or practices.
The European Union’s GDPR just went into effect in mid-2018 and makes substantial strides toward increased data protection. Courts have also started to recognize rights to digital privacy.
IoT creates the perfect opportunity for gathering incredible amounts of personal information; that information can significantly bear on an individual’s privacy.

Information Security

Many IoT components have sensors coupled to communicators. For example, a camera, microphone or other sensor picks up data from the environment and is coupled to a communicator that relays that data to a remote location, like the cloud or some proprietary server.
Smart televisions and other smart devices have sent data picked up by cameras and microphones from people’s homes back to the producer’s servers for analysis.
The lack of information security in the communications themselves has led to IoT-connected devices being used as part of distributed denial of service (DDoS) attacks.
Strava, a fitness-tracking app, is revealing potentially sensitive information about military bases and supply routes via its global heatmap website.
Default passwords on devices pose a threat.
Heightened security impacts the very thing that the IoT is supposed to provide: seamless and invisible integration into our working and personal lives.

Physical Safety

Consider a smart home with a door lock that is activated when the user—or, more likely, the user’s smartphone—is within five meters of the door.
The sensors and communications only serve their purpose when they cause some physical change in the world.
Should the driverless vehicle malfunction, its passengers, those in other vehicles, and the aforementioned cyclists and pedestrians may all be at risk.
Government oversight and enforcement of minimum safety standards.
New technologies, first and foremost, need to be safe.
“Safety in IoT means being able to reason about the behavior of IoT devices, especially actuators, and being able to detect and prevent unintended or unexpected behavior”
With the IoT, the causal networks are complex, and determinations of liability can be quite complex.
What distinguishes the IoT from the traditional internet is the former’s ability to act in the physical world, thus opening the possibilities of physical risk.


“Trust tends not to be talked about very much. Most of the time, it is an invisible assumption.”
Can we rely on the technology to do what it is expected to do?
Given past experience, can we expect this technology to act the same way as it has done before?
Insofar as we rely on the driverless vehicle to work, we trust that the brakes are working properly and that the car will stop whenever that is needed. If this does not happen because the brakes malfunction, then we lose trust in that we can no longer rely on the car to operate properly.
We lose trust in that service when we do not expect the remote operator to drive the vehicle safely.
We can lose trust when we do not believe that people inside the company are motivated by our best interests.
Continuing with the example of driverless vehicles, in order for these individual vehicles to operate effectively, there will need to be coordination between the vehicles. The complexity of such coordination will likely require AI not just for the decisions made by discrete vehicles, but also for the complex system as a whole.
If and when the IoT involves significant risk to people’s safety, and it can be shown that humans make worse decisions than AI, then we have a prima facie argument that AI should be making these decisions.