Wirepas Wirepas Blog What is Trust in IoT?

February 19, 2016

What is Trust in IoT?

By Jussi Numminen

The amount of connected devices is growing, and the amount of data they produce is growing even faster. We have great connectivity technologies and new ones are emerging. However, we shouldn’t take the technology as a starting point. Instead we should look at the use case and have trust as the starting point. In the Internet of Things (IoT) availability, privacy and integrity are the main elements of trust.

In human-to-human (H-2-H) interaction trust is based on both emotions and logic. Things associated with trust include companionship, friendship, love, agreement, relaxation and comfort. We are often quite binary about trust. We either trust each other or we don’t.

Trust is, in my opinion, the starting point for any relation - be it personal, business or even machine-to-machine (M-2-M). It is a prerequisite for sustainable business.

When we are discussing about technologies and IoT connectivity, trust is not a binary concept. It is always a question of the business case, requirements and investments. We should take the use case and ask ourselves – what is the level of trust required and with which technology do I achieve that?


The requirement for availability obviously varies between different use cases and IoT applications. In some cases the lack of availability won’t result in dramatic consequences but in others it might be critical. However, the user needs to have a realistic expectation of the availability of the network.

Let’s take cellular network as an example. It has by far the largest coverage on the planet and it has very high availability. However, the cellular service promise isn´t a 24/365 availability, everywhere. One of the main reasons for this is that its architecture allows for a single point of failure.

In a de-centralized mesh network, the single point of failure is avoided by design. Single node failure does not result in a system wide collapse because other nodes will still be able to operate and deliver data. This is a great advantage in critical use cases.

Another important question to consider is: Where is the data consumed? Is it consumed locally or remotely? Using wide area communication for local data consumption introduces a single point of failure risk for business.

I argue that, from an availability point of view, autonomous device networks with de-centralized architecture offer the best availability. I also argue that when applicable, the data should be stored, analyzed and used locally to optimize availability.

Privacy and integrity

The number of connected devices will be massive in the future. At the same time the challenge to manage, identify, authenticate and authorize data properly will be significant. No-one has “the silver bullet” for defining one single trust model for device connectivity in different use cases.

When managing data one has to consider the context where the data is produced in order to be able to conclude whether it introduces any privacy issues. IoT networks transfer sensitive data that require high privacy. Privacy in terms of data protection is needed when people consume electricity or water, as an example.

The third element of trust that I want to address is integrity. It is equally important as availability and privacy. How can one be absolutely sure that the data is correct? How can we be sure no one has manipulated the data for his or her own benefit or just for the reason of causing harm?

In distributed energy generation for example, households can generate and sell energy to the electricity grid. For these households it is critical that the energy they generate is refunded correctly. This requires reliable connectivity and data management between energy producer, consumer and the utility.

The complexity of IoT, the pace of new innovation and the diversity of use cases makes any centralized connectivity solution extremely difficult to manage – especially when it comes to trust. I argue that autonomous de-centralized device networks are the solution for large-scale IoT. The operations of the network can be optimized according to the use case, and the crucial elements of trust can be addressed efficiently.

This model would also enable isolation between different device networks, which is valuable in case of compromised system security. In case there would be units sending malware, it is beneficial if the applications are isolated. A monolithic solution spanning the whole IoT application scene, on the other hand, comes with enormous risk. The de-centralized  trust model is much closer to how we, humans, communicate without third party involvement.

In nature things organize themselves in the most efficient, optimized and simple way. The things are communicating making autonomous decisions based on the de-centralized protocol that is optimized to fulfill the need as efficiently as possible – nothing more, nothing less. This is what we believe in and aim for. Things connected – Naturally.


– Jussi Numminen, Head of radio strategy and IPR, Wirepas –

P.S. The March Wirepas blog will discuss another challenge within IoT technologies, Future-proof or not.