3.1 IoT platform security

I. Potential threats of IoT security

Even though the services of IoT platform have facilitated the automation and intelligent transformation of enterprises and realized product intelligent upgrades which bring technology and convenience to consumers’ lives, the more interconnected the world is, the more extensive the harm will be caused and the more difficult it is to maintain safety once data is leaked and the system is attacked.

The security expert Longwei Liu of Tuya Smart pointed out that throughout all links of the IoT industry chain, basically every link might produce security risks. For example, lack consideration of security design at the R&D stage. Leakage of authentication information and key of intelligent devices caused by the faulty process at the manufacturing stage will lead to the risk of intelligent devices. Device information leakage, network configuration QR codes replacement, and return and exchange equipment modification at the sales stage may all be attacked and exploited.

At the use stage, the design flaws of network configuration activation and device control, and the security flaws of three-party interaction including authentication, authorization and information encryption will bring potential security threats. Besides, the firmware might be hijacked or replaced during Over-The-Air(OTA) upgrade process.

We summarize the top 10 greatest security threats of the IoT field:

1. Incompliant IoT vendors

The majority of security issues are originated from insufficient investment in resources and time in the aspect of security from vendors. For example, the Bluetooth pairing status is still visible after the first time fitness tracker pairing for most Bluetooth fitness trackers. A Smart fingerprint padlock can be accessed through the Bluetooth key with the same MAC address as the padlock device. The specific risks include:

1. Weak, guessable or hardcoding password
2. Hardware issue
3. Lack of security update mechanism
4. Old and unpatched embedded operating systems and software
5. Insecure data transmission and storage

2. Users lack knowledge and awareness of security

Over the years, Internet users have learned to avoid spam or phishing emails, scan virus on personal computers, and use strong passwords to protect Wi-Fi networks security. However, IoT is a new technology, users are unfamiliar with its functions. Although most of the risks of IoT security issues are still in manufacturing, users and business processes may pose greater threats.

3. IoT security issues in device update management

Another source of IoT security risks is insecure software or firmware. Although manufacturers can sell devices with the latest software updates, new vulnerabilities are almost inevitable. Updating right after new vulnerabilities are spotted is critical to maintaining the security of IoT devices. However, some IoT devices still operate without essential updates comparing to auto-update smartphones or computers. Another risk is that the device will send a backup to the cloud and have a short period of downtime during updates. Hackers may take advantage of the window to steal sensitive information if the connection is not encrypted and the updated file is not protected.

4. Insufficient physical reinforcement

Lacking physical reinforcement can lead to IoT security issues. Although some IoT devices should be able to operate autonomously without user interference, they need to be physically protected from external threats. Sometimes, these devices are placed in a remote place for a long time and might be physically altered, for example, a USB flash drive with malware. However, installing security sensors and transmitters on low-cost devices is a challenging task for manufacturers, and users are responsible for maintaining the physical security of IoT devices.

5. Botnet attacks

A single malware-infected IoT device will not pose a real threat, but a collection of them can be a serious threat. To launch botnet cyberattacks, hackers create multiple malicious applications by infecting devices with malware and command them to submit overloading requests to knock down the target. IoT devices do not receive regular software security updates like computers, so they are vulnerable to malware attacks.

More importantly, botnets can pose security threats to power grids, manufacturing plants, transportation systems and water treatment plants. For example, hackers can trigger cooling and heating systems simultaneously to reach the maximum capacity of the power grid, causing nationwide blackouts once the scale is large enough.

6. Industrial spy and eavesdropping

If hackers control surveillance by hacking into IoT devices, they can not only monitor the scene but also demand a ransom. Therefore, invasion of privacy is another critical issue of IoT security, and many different sensitive data might be leaked and used in attacks against its owners. In addition, several IoT devices such as health devices, intelligent toys, and wearable devices record user information. At the industry level, hackers can collect a company’s big data and expose sensitive business information. Some countries have begun to ban specific IoT devices with security issues.

7. Hijacking IoT devices

Ransomware is known as one of the most malicious types of malware ever. It will not corrupt sensitive files but encrypt them to block access from users. Then the hacker who infects the device will demand a ransom in exchange for the decryption key to unlock the file. With the constant evolution of ransomware, the IoT devices with poor security might also become targets.

It is rare to see a ransomware-infected IoT devices case, yet wearable devices, healthcare devices, intelligent homes, and other intelligent devices, as well as the ecosystems, might be at risk in the future. The good news is that most of the IoT information is stored in the cloud so that malware might not be able to lock critical data, but it could still lock the device’s functions. For instance, a car cannot be started unless a ransom is paid.

8. Data integrity risks of IoT security in the medical industry

IoT devices can be intelligent thermostats, HVAC, TVs, and medical equipment…etc. Sometimes the above devices will send unencrypted data to the cloud, which could allow hackers to access the medical IoT device, control the device, and alter the data.

9. Rogue IoT devices

We have already known the rapid growth of the number of IoT devices. According to the prediction of Ericsson, the number of IoT devices will reach 18 billion by 2020. With such a large number of devices, problems might arise in business and home networks. Rogue devices or fake malicious IoT devices start to be installed in the secure network without authorization. A malicious device can replace the original one or turn into an add-on to collect or alter sensitive information. These devices break network boundaries and become rogue access points, thermostats, cameras, and man in the middle (MITM) that intercept communication data without the end-user knowing. Other variants of rogue device might also emerge in the future.

10. Mining digital currency

Mining cryptocurrency requires enormous CPU and GPU resources. As a result of that, one more IoT security issue comes to the fore – taking advantage of IoT Trojan Horse to cryptocurrency-mining. The open-source cryptocurrency Monero is one of the first batches of cryptocurrencies that are mined by hacked IoT devices (such as cameras). Although a single camera does not equip with powerful resources to do cryptocurrency mining, a large number of devices can accomplish the task.

In the era of IoT, massive user data is transmitted to the cloud from network devices. The more diverse of IoT devices, including household consumer devices, public service devices, large-scale industrial devices, energy devices, and transportation devices, the more complex the security issue of IoT will be. The stronger publicness of the devices, the higher they related to public safety in society. International organizations and governments need to establish worldwide IoT standards to manage security in cities, homes, nuclear power plants, manufacturing processes, and other fields.

In the future, the IoT security field still requires a robust security solution system to support. In this way, bring higher standards on cloud security because any design of cloud platform permission might lead to huge security risks. At the endpoint security level, a wide variety of intelligent devices makes IoT security more complicated, and hardware attacks might threaten the personal safety of users.

The security expert Longwei Liu of Tuya Smart pointed out that due to difficulties of intelligent device upgrades and management, the security issues of products that have been delivered cannot be effectively patched in a timely fashion. Plus, due to the lack of consistent standards of industry techniques and huge differences in computing power among devices, until now, IoT intelligent devices lack the support of a unified security solution.

At the current stage, due to fragmented products, exaggerated product capabilities and diverse usage scenario, the IoT industry has no specific security standards. The security levels of IoT products and platforms on the market are inconsistent. Most of the products do not have a proper security design and have huge security risks because of hardware cost management. For example, most of the products except mainstream platforms do not implement Transport Layer Security Protocol (TLS) encryption. TLS aims to provide three fundamental guarantees for information transmission: confidentiality, identity verification, and data integrity.

In addition to the above security risks, the privacy security of the IoT industry is also facing huge challenges that involve collection, utilization, storage, and legal regulation of privacy data. Many intelligent devices are like probes of personal life and collect all aspects of information related to one’s daily life to compose a full picture of a person. Therefore privacy security and compliance are the bottom lines of all services.

II. IoT security measures

Regarding these potential security risks, the current major security measures of the IoT industry include:

1. In the product R&D stage, Implementing completed Secure Software Development Lifecycle (SDLC) to satisfy security requirements and verification from product design, development, coding to delivery. Simultaneously, privacy compliance design and auditing are also required.
   Longwei Liu brought out that the existence of data sovereignty allows access with the user’s consent. Same for the platform like Tuya Smart, there is an explicit character definition between the platform and the user. Regarding the user and device data under the OEM application, the platform needs to gain access through the authorization of clients and users.
2. In terms of endpoint product security including devices and applications, reinforcing a multi-layer approach to protect codes, keys, and data is required.
3. In terms of intrusion prevention, an in-depth defense mechanism is required. By simulating red and blue confrontation, the mechanism could detect attacks, intercept them precisely, and inspect the security and robustness of the entire system and network.
4. For business security, establishing a completed risk management system is required to audit abnormal user behaviors and assess risks.

To be more specific, enterprises can also enhance the safety factor of the device both in hardware and software in the following ways.

For hardware:

1. Encryption key management aims to ensure that the key is inaccessible under plain text. Device should be able to create and store the key (including private key) securely to accomplish unique identifier and configuration real safety.
2. Cryptographic accelerator, Hash function, and True random number generator aim to accelerate encryption computation on the device. The hardware support can save computing time and power.
3. Providing security storage access to protect specific parts of RAM and flash memory and to prevent unauthorized access. An independent storage area can isolate sensitive code and data from unsafe ones. At the same time, the write-once secure storage can prevent code and data from tampering and reprogramming.
4. Providing access protection for debugging and programming, which would reduce the risk that hackers use debuggers and programming interface as attacking entry points.

For software:

1. An integrated and optimized commercial-grade software provides certified application frameworks and standard APIs. Besides, it also supplies hardware security functions an easy-to-use interface through a drive API.
2. An encrypted library that contains various APIs provides security functions like macro security and root of trust and is equipped with the ability that could identify trusted sources and codes.
3. Native support for common communication protocols and transmission protocols, such as Hypertext Transfer Protocol Secure (HTTPS), Transport Layer Security Protocol (TLS), and other designated cloud protocols.
4. Updating the software and patching vulnerabilities in time.

According to the expert from SGS-CSTC Standards Technical Services Co., Ltd, in addition to technology, management is also needed, such as IoT risk assessment, process management, and security assurance…etc. Hence, Enterprises require to set up an IoT security management system. “As a worldwide recognized third-party inspection, verification, testing and certification company, SGS is aware of the big picture that IoT companies are doing a good job on information security, and the application of security technology has always been at the forefront of the market, but we need to pay more attention to data and information control problems such as excessive collection, unauthorized usage, and data trading.”

The expert said that some of the companies certified by SGS-CSTC Standards Technical Services Co., Ltd are already aware of security issue of user privacy, so they will apply for ISO/IEC 27018 certification. The ISO/IEC 27018 is a certification that pursues the Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds.

3.2 The Chaotic Standards for the IoT Industry

1. Status Quo of Standard Confusion

Currently, one of the core challenges facing the IoT industry is the incompleteness of its standardization system. “The essence of a standard is de facto an industry consensus. It takes time to reach such consensus. At present, although there are some standards about the IoT, a complete standardization system has not yet been well established and accepted. The Internet had also gone through a long period of adjustment before reaching an industry consensus”, argued Zhang Feng, vice-chairman and secretary-general of Zhejiang Digital Economy Association.

Some experts pointed out that the essence of the IoT is one of the reasons for fragmentation of its standards. The heterogeneity represented by the diversity of IoT technologies and standards corresponds to the diversity of things in the world to be interconnected by the IoT. There may never be a real need for an all-inclusive standard. Just as updated applications and use cases continue to emerge in the IoT industry, so will the IoT protocols suitable for its deployment.

The interaction between sensors, devices, gateways, servers and user applications is the basic feature of the IoT. What enables all these intelligent devices to talk and interact is the IoT protocol, which can be regarded as the language used by IoT devices for communication. Only when there is a communication medium and all devices in a specific IoT ecosystem can share and use a common “language”, can connectivity be achieved.

The IoT protocol provides either an Internet protocol that has been used for a long time or an IoT protocol specially developed for the communication of connected devices. The main purpose of the unified standard for the IoT is to avoid further division, so as to maximize the interconnection and simple control of equipment, and reduce the risk of security threats.

However, the IoT communications connection alone involves use of many technologies. Wired includes KNX, RS485, TCP/IP, CAN-BUS, LonWorks, PLC, etc. Wireless includes Zigbee, BLE Mesh, Duplex RF, Z-Wave, EnOcean, NB-IoT, LoRa, and the rapid landing of 5G also injects more innovative power into IoT. There is no absolute difference between advantages and disadvantages in various networking technologies, especially the common networking technologies in the market, which are developed and applied to meet specific needs.

Let’s take Wi-Fi, Bluetooth and Zigbee, the most common short-range wireless standards in the field of IoT smart home, for example. Wi-Fi is used for high-speed data transmission connection, such as video; Bluetooth is used for connecting mobile and wearable devices. Zigbee, on the other hand, provides stable, scalable and interoperable network support for numerous control sensing and lighting devices. They are classified by their role in the network, inclusive of protocols for connectivity infrastructure (e.g. 6LowPAN), communication (Wi-Fi, Bluetooth), data transmission (MQTT, CoAP, XMPP), security (DTLS), device management, and telemetry technology (LwM2M).

Figure 1. Protocol comparison

Source: OFweek Electronic Engineering Net

It is evident that all technologies have special application situation to exert their features. With the continuous enrichment and humanization of application scenarios and the support of new technologies, especially AI, the development trend of networking technology is to integrate and apply various technical standards to bring better user experience.

Today, the IoT supports dozens of different IoT protocols. As pointed out by Longwei Liu, a senior security expert of Tuya Smart, the IoT industry involves a huge industrial chain and subdivided fields. In different scenarios, the technical requirements and standards are different. At the same time, the computing power span of intelligent devices is also very large, ranging from sensor devices the size of a thumb to large devices such as automobiles. The computing power and business requirements they carry also show great differences.

The IoT industry needs formulation of unified standards, including classification and classification standards for intelligent equipment, as well as safety requirements and testing standards for various actual business processes, such as those for distribution network, remote control of equipment, near-field control. In addition, there are differences in product models and product interaction experiences. At the same time, different national and regional alliances compete fiercely in standard setting, which increases the difficulty of cooperation between standards.

However, in the past few years, there were some protocols in the field of the IoT, hoping to provide versatility without compromising security, deployment speed or simplicity. One of the IoT protocols is OMA lightweight M2M, which can meet the specific requirements of various equipment management use cases, then it can provide a solution suitable for a purpose and meanwhile, propose a general standard.

Of course, the diversity of IoT standards is not equal to the complexity and redundancy of standards. The scenarios and requirements involved in the IoT are ever changing. There can be no unified standard to meet different needs. However, at present, the biggest challenge in standard setting is that there are too many competing IoT standards and many standard application scenarios overlap. Such redundant IoT standards not only lead to standard confusion, but also hinder the formation of the standard system and the development speed and scale of the IoT.

Take the wireless standard Zigbee for example. The same standard will also cause confusion due to standard iteration and non-standard application by manufacturers.

1) Evolution of technical standards: Each technology will iterate from time to time to solve the problems found and add new features to meet the market demand. Zigbee had application layer protocols for different vertical industries before, such as Zigbee Home Automation (ZHA), Zigbee Light Link (ZLL) and Zigbee Building Automation (ZBA). While Zigbee 3.0, which integrates different standards, was introduced in 2016.

Of course, this is the only way for standards to mature continuously and meet the market demand. Generally, relevant standards organizations will reduce the impact of iteration on the existing market through compatibility of agreements, publicity and other methods.

2) Non-standard application of standards: vendors may have joined some private protocols due to business models or differential competition when applying open standards.

However, when they did not participate in the relevant product certification plan, they still claimed to use the open standard, resulting in different application experiences and sending wrong signals to the market. At the same time, in order to improve the viscosity and security of users, some ecosystem platforms often adopt the strategy of “private garden” in the early stage, adding special requirements for their own platforms to the standards to allow access, which also increased the differentiation of unified standards.

In the past 20 years, the IoT has continued to develop rapidly in the world. It has played a role in many industries such as manufacturing, medical care, automobile, safety, transportation, etc. It has greatly enhanced the capabilities of enterprises and brought them economic value. In the process of applying IoT technology, what enterprises really need is to understand the value brought to them by each standard and their own business needs and requirements, to understand the advantages and disadvantages of the protocols provided by the market, to select the most suitable protocol for actual scenarios and established use cases, and to establish a relatively unified standard system and a small ecology of interconnection.

For consumers, unified standards represent convenient product experience. If a user purchases a home thermostat that supports IoT, he will want the device to use open standards that allow third-party applications to communicate and control the thermostat and other home IoT devices. The user also hopes that the device can support effective security standards so that hackers cannot break through intelligent systems, invade homes or control home devices.

The ‘private gardens’ of platforms and the equipment that cannot communicate with each other restrict consumers’ freedom to product choices, and the cumbersome product configuration greatly reduces the use experience, so they either don’t want to buy or stop buying another intelligent products. In order to meet the specific requirements of multiple standards and multiple ecosystems, equipment manufacturers need to invest a lot of resources to realize basic ‘connections’, instead of providing better functional products, which cannot expand production scale, reduce costs and upgrade the products themselves. This hinders the rapid development of the market in both demand and supply.

2. Solutions to Standards Confusion

Looking at the whole world, the EU also has a relatively centralized official organization for standard-setting. It organizes enterprises to participate in the formulation of standards. At the same time, many standards can enforce market access and be more practicable.

Governments, enterprises, trade associations, alliances, experts and scholars have all played an important role in the formulation of standards. Longwei Liu thinks that in the formulation of standards or rules, the government should be an initiator, enterprises should be the main contributor to the standards with more focus on practical application. Experts and scholars can provide some forward-looking opinions. The common solution is that trade associations or enterprises work with each other to form a unified standard and promote it. Based on the operating system and development system, it may be relatively more feasible to develop a unified AIoT standard.

Quite a lot of IoT standard alliances led by enterprises, institutions and governments have been established in the world. Today, some of them have stood out amid the competition, matured and started to certify products on a limited basis, including Wi-Fi Alliance, Zigbee Alliance, LoRa Alliance, etc.

Among them, Zigbee Alliance has launched Zigbee 3.0 as a unified standardization solution. Zigbee Alliance is a non-profit standards development organization. Member companies voluntarily join and contribute to the creation and promotion of various IoT standards. Be it the introduction of a new standard or the update of existing standards, they do it based on the needs of the market.

The alliance first introduced Zigbee 2004 Network Layer Protocol to achieve interconnection among devices. However, due to its low speed and low power consumption, Zigbee network needs yet to support many ‘small devices’ with limited computing power and no user interface. If a sensing control network containing devices from different manufacturers is to be built, the devices in the network must be able to ‘know’ and ‘interact’ with each other. For example, A is a switch and B is a light bulb, and in this case, A can control B.

According to the requirements of these scenarios and in order to meet the needs of different vertical fields, the alliance has defined a series of application layer specifications of device types, attributes and functions based on network layer protocols. Zigbee Home Automation (ZHA) was launched in 2007, Zigbee Health Care in 2009, and Zigbee Light Link (ZLL) in 2012. It is also the introduction of these application layer specifications that marks Zigbee has become a full stack protocol that covers the network layer and the application layer. It achieves not only interoperability but also interconnection and interaction between devices.

With the rapid development of the IoT over the years, the boundaries of vertical fields are no longer so distinct, the number and types of devices contained in a single scenario are increasing. Chip manufacturers have also introduced chips with higher computing storage capacity and lower cost. In order to respond to this market trend, Zigbee Alliance members have integrated and opened up a number of application layer specifications which previously applied to different fields, and introduced Zigbee 3.0 specification. And through the specification of network behavior, they have ensured the forward-looking compatibility of the previous specifications to significantly improve the interoperability between different devices while also ensuring the interconnection with the existing products in the market.

Therefore, it is workable for integrating standards that the major participants in the market comply with the market demand, cooperate and communicate with each other on alliances or other platforms, and work together for common prosperity.

In the process of standards integration, there are not only the standard-setting organizations acting as a platform for cooperation and exchange among members of the industry, but also the government, enterprises and experts, who can play different roles. The government ensures a healthy and orderly competitive environment and introduces appropriate incentive policies to support the development of the industry. Enterprises work together on the field of basic standards, while continuously innovating and improving product differentiation and functions. Experts and scholars use their own expertise and knowledge to review standard technologies, come up with opinions and suggestions, and popularize knowledge of technical standards amid the industry.

With regard to the formulation of industry technical standards in China, the Ministry of Industry and Information Technology has issued the Notice of the General Office of the Ministry of Industry and Information Technology on Further Promoting the All-round Development of the Mobile IoT ( hereinafter referred to as the Notice), pointing out that it is necessary to accurately grasp the evolution trend of global mobile IoT technical standards and industrial structure:

1. Formulate standards for the integration of mobile IoT and vertical industries: NB-IOT standards will be more quickly incorporated into ITU IMT-2020 5G standards. Facing key areas such as smart home, smart agriculture, industrial manufacturing, energy meters, fire smoke, logistics tracking, financial payment, etc., formulation and implementation of technical standards and interconnection standards will be advanced, such as mobile IoT terminals and platforms, and the standardization level of industry applications will be elevated.
2. Consolidate the basic security of mobile IoT. A security standard framework for the mobile IoT will be set up, and a series of classified security management standards for key links will be established such as IoT cards, terminals and gateways. Enterprises and research institutions are encouraged to increase the research and application of trusted authentication technology for mobile IoT terminal, block chain traceability and other security technology means. The goals are to speed up the construction of mobile IoT security supervision technology, improve the security situation awareness, card management, risk alert and other real time surveillance capabilities.

In addition, the National IoT Basic Working Group has set up an “overall project team” to develop standards for China’s IoT terminology, architecture, testing and evaluation system and others.

Figure 2. Organization Chart of National IoT Standardization Work

Source: National Health Commission, PRC

III. Standard Analysis of Subdivided Fields

Smart Home

Taking the promising smart home industry for example, global smart home manufacturers use different communication protocols and key technologies, which results in separate ecosystems that are difficult to be compatible with and makes it difficult for them to integrate the smart home ecosystem, thus causing inconvenience to consumers. Consumers often need to download different apps for smart products of different brands and use them in different ways.

Zhou Jun, Secretary General of the China Smart Home Industry Alliance, stressed that in the field of smart home, there is no enterprise that covers all products. “In the age of consumer electronics, and in the age of home appliances, there will be no dominance by a single company. This phenomenon is very common in the software sector, so many software companies will have the idea of dominating the IoT. However, the industrial chain of the IoT is too long, making it impossible for one enterprise to integrate all players including chip manufacturers, module manufacturers, designers, product manufacturers, channels and stores. That is not something one enterprise can empower. So far, no OS has been completely successful. ”

In December 2019, Amazon, Apple, Google and Zigbee formed a Working Group to develop and promote a new patent-free connection standard for better compatibility between smart home products. Security will be a basic design principle. The project is based on a common belief that smart home devices should be safe, reliable and seamless in use. The goal is to simplify development for manufacturers and increase product compatibility for consumers.

Based upon Internet Protocol (IP), this project aims to realize communication among smart home devices, mobile applications and cloud services, and to authenticate devices by identifying a series of IP-based specific network layer technologies. The Working Group of the industry will employ an open source approach to develop and implement a new and unified connectivity protocol. The project plans to use smart home technologies that have been tried and tested in the market, such as Amazon, Apple, Google and Zigbee Alliance.

Board members of Zigbee Alliance, such as IKEA, Legrand, NXP Semiconductor, Resideo, Samsung SmartThings, Schneider Electric, Meijie (formerly Philips Lighting), Silicon Labs, Somfy, Tuya Smart and Nanjing Federation of Things, also joined the Working Group to support the project.

The project aims to make it easier for manufacturers to make devices compatible with smart home voice services, including Amazon’s Alexa, Apple’s Siri, Google’s Assistant, etc. The planned protocol will supplement the existing technology, and members of the Working Group encourage manufacturers to continue use of the existing technology for innovation.

The types of smart home devices for this project include lighting and electricity (e.g. Bulbs, lamps, switch sockets), air conditioning control, entrance guard, security, home entertainment (TV, audio, etc.), network access, etc., including almost all major smart home equipment.

As for the communication protocol standards of smart home, Zhou Jun believed that in the future, the chances are that one technology will not ban another; instead, they definitely coexist. “Zigbee is the mainstream protocol for smart home control. Bluetooth is mainly used for lamps, and its security system and panel system are not so many at present, which do not constitute the ecosystem of smart home. But Zigbee has formed an ecology and the technology has upgraded to the third generation”, added Zhou Jun.

In addition, Zhou Jun also mentioned a lack of delivery standards in the smart home industry. “Uncertain project delivery standards are a big concern. All software companies have different genes, each family environment is different, and workers’ training and salary are also problematic. For example, there is no unified national delivery standard for the installation of simple intelligent door locks. In the future, delivery will become one of the core competitiveness of IoT enterprises.”

In addition, another major strength of European, American and Japanese enterprises lies in product quality and detail innovation. The development of the IoT in the United States is supported by the entertainment industry. There are many kinds of household appliances, including speakers, televisions, players and others for home cinemas. These products have been well integrated and controlled. In this scenario, the content protocol of the products is opened up. Japan is based on consumer electronics and is especially good at innovation of micro-products. Over the years, Japan has also made a lot of refinement in the pension industry.

The most typical practice in Europe is building intelligence. China’s smart home is characterized by a wide range of application scenarios, a lot of demand and a fast development speed. However, manufacturers do not have high enough quality requirements for products. Apart from the serious homogenization of products in appearance design and technology, there is still lack of uniform defined measurement standards for lots of basic technologies. For example, how many milliseconds of delay from the switch signal to the gateway is considered acceptable? In addition, the connection between enterprises and consumers is not close enough, and there is no proven market research as the support for product and technology development, which may lead to the disconnection between products and real consumer demand.

In early 2018, the General Administration of Quality Supervision, Inspection and Quarantine of the People’s Republic of China and SAC approved three national standards for smart home series, namely, Numbering of IoT Smart Home Data and Equipment, The Descriptive Method for IoT Smart Home Equipment and General Technical Requirements for Smart Home Automatic Control Equipment. The IoT smart home is defined and standardized in detail in five aspects: textual and graphic identification, data and device coding, device description, user interface and design content.

The formulation of these standards has provided technical guidance for the design, production and operation of smart home products, accelerated the industrialization of China’s smart home products, and provided a standardized guarantee for the promotion of China’s IoT technology in smart home appliances.

Zhou Jun pointed out that the process of setting standards in Europe and the United States is relatively market-oriented, because there are too many standards involved in the consumer electronics field and it is difficult to rely on the state government to force the formulation of standards. For example, there is naturally a market standardization system for PC, Type-C and USB because they represent a huge market volume. If such standardization system is not used, manufacturers will be backward. The practice of the United States is that several large factories integrate protocols into modules, and then set up third-party organizations and alliances to carry out certification for external entities.

Zigbee, Wi-Fi and other alliances are very powerful and omnipresent as third-party specialized organizations, and their technical experts are focusing on the research and development of the next generation of Wi-Fi technology.” In addition, he also mentioned that there are many competent departments involved in the formulation of industrial standards. For example, the building standards of real estate, internal electronic products, cloud and SaaS are managed by different regulatory authorities. It is very difficult to formulate a unified standardization system for smart real estate. The possibility is therefore that the formulation of national systems and standards may not keep pace with the progression of technological innovation.

Smart Hotel

Up to date, in the construction architecture of the hotel IoT, the intelligent systems introduced to the application layer exhibit considerable diversity, including diversities in front desk self-service check-in machine, intelligent guest control, intelligent light control, intelligent ladder control, network, information release, building intelligent control, intelligent door lock (access control), green irrigation, garage management, remote meter reading, private wearable equipment, etc. A large number of different standards and resulting solutions and products are also introduced into the network layer and perception layer.

Zhang Xingguo, COO of the China Hospitality Technology Alliance, argued that as a whole, the use of standards lacks the commonness and characteristics of the industry and is rather disorganized and chaotic. For example, some communication protocols in intelligent customer control use Wi-Fi, some use Zigbee, and some use Bluetooth. Even the widely used indoor wireless communication Wi-Fi, which has a relatively high degree of standard uniformity, also has wrong and disordered versions. These versions come with low compatibility and functional commonness, which makes the user experience poor and hinders the performance of sensors and application systems. In general, in the construction of smart hotels, it is common for the sensing layer, network layer and application layer to use chaotic standards.

There are many reasons for confusing inconsistency of standards. The main reason lies in 1) the suppliers’ limitation of talents and knowledge reserves; 2)understanding and cognitive differences on the characteristics and limitations of various technical standards; 3) the non-synchronization between the timeline generated by technologies and standards and the suppliers’ timeline for developing specific products; 4) the technical standard which in itself is also a process of gradual iteration and improvement; and 5) the most important thing is that the hotel industry lacks overall, forward-looking and authoritative guidance on the basic requirements (functions and safety) and technical standards for smart hotel application scenarios.

As far as the hotel itself is concerned, the technical strength of major hotels or hotel groups tends to be traditional IT, namely, traditional Internet technology, and they are unfamiliar with the intelligent hotel control technology and scene design under the emerging IoT technology. Throughout the construction of smart hotels, they mainly purchase products and schemes from third parties. These hotels are quite unfamiliar with various technical standards in the three-tier architecture of the IoT, and of course, they lack a sense of discrimination in choosing standards and performance of products provided by the market. In that case, it is impossible for them to come up with constructive suggestions and requirements.

This situation, accompanied by the diversity (including protocols, architectures, devices and features) generated by different suppliers and different product solutions, directly leads to elevated access costs, low data exchange efficiency, reduced accuracy of process execution, weak background data reprocessing, and weak positive feedback and intelligent control of the system. This has delayed the development of the potential of the intelligent IoT, resulting in a great rise in the application cost of the hotel IoT. What is more noteworthy is that with the introduction of a large number of intelligent application systems, the accumulated security risks (including data security, personal privacy and system security risks) in the perception layer, network layer and application layer are rapidly increasing.

Regarding a consensus on industry standards, Zhang Xingguo thinks: “With the increase of practical activities, we gain more understanding and experience of some technical standards of the IoT and the characteristics they exhibit. We have a thorough understanding of scenarios for innovative hotel intelligent application. Therefore, grasping the adaptability of various technical standards is on the increase and a consensus is going to form. The construction of Chinese-style smart hotels has become the consensus and trend in the current construction of the IoT."

“At present, there are indeed chaotic technical standards in the construction of the IoT in the hotel industry (mainly smart hotels), which also comes as a normal phenomenon. In practice, the need and awareness of standardization can make us avoid detours and improve the effectiveness of construction.” stressed Zhang Xingguo. The diversity of standards can, to some extent, enable the characteristics of different technologies to be effectively put into tests, although such tests may mean great costs for ‘tuition’.

On the one hand, hotels can know more and better about their operation status and the needs of the guests, have better management and meet guests’ potential experience. On the other hand, there also are risks of privacy leaks and data abuse. Therefore, the construction of smart hotels should not only be focused on better unification of technical standards, but also on strengthening and perfection of non-technical data and information management processes and of legal supervision.

When it comes to the consistency of technical standards, Zhang Xingguo pointed out: “We are more inclined to add more principle guidance from the government’s technical supervision department, provide some guidance on the implementation of technical standards as the reference for ICT departments of developers and hotels, and maintain a certain amount of diversified space in the application of specific products and systems. In doing these, we are able to make our IOT intelligent products more distinctive and survive the severity of the market selection.

However, given the key point that IoT equipment is more secure and challenging than traditional networks, the priority is to strengthen the security control legislation for IOT intelligent products (systems). For example, a stricter and more operational non-technical management process for data security should be proposed, including encrypted storage of data, fault tolerance and remote backup of data, interface protection, identity checksum authorization, continuous update of IoT equipment, patches, use and restriction of data and so on. Only in this way can hotels avoid data and privacy crises that are worse than the chaotic diverse standards as they are carrying out intelligent construction of the IoT.

Zhang Xingguo believes that in the process of standards formulation, governments, enterprises, experts and scholars, and hotel industry associations are in different positions, which determines their different roles. One clear thing is that they should do something in the process of IoT or hotel intelligent construction.

Government specialized departments should play a role in promoting and leading the technical standards of the IoT. Industry associations can find problems, promote the establishment of standards, coordinate contradictions and interests, draw up lessons from the past, improve the process of industry standards and the final implementation of standards. Enterprises (including suppliers of equipment and systems, service providers and hotels as users of intelligent scenes and applications) should be duty-bound to carry out scene innovation, make trial-and-error use of standards and technologies and do summary, and practice and implement the established technical standards of the industry and the country.

Experts and scholars are the explorers of the standardization of IOT intelligent technology and the creators of public opinions; they are also a promoter of hotel intelligence. More importantly, it is also necessary for them to have a public mindset beyond the connection to interests and become presenters of new technologies and standards. The most valuable thing is to become a “whistleblower” for the problems arising from the profoundly significant construction of the IoT intelligence for China’s hotel industry.

Source: Tuya