Sam Yu and the challenges for a Secure Internet of Things
I met Sam Yu in Seoul. A native Korean, Sam moved to the United States at age 17. He studied at the State University of San José and at the prestigious Stanford University where he got a Master degree in Engineering Management. Back in Korea, he spent no less than seven years, he says, on establishing a joint venture between two burgeoning companies, Samsung and Hewlett-Packard. He then later was the CEO for Microsoft Korea for many years.
Watch the interview
A Student of the Technology Adoption Lifecycle
When asked if he became a techno guru, Sam Yu answers by defining himself more like a “student of the technology adoption lifecycle.” This is a reference to Geoffrey Moore’s theory of how an innovative technology or product will spread to different customers groups, such as the “early adopters”, the pragmatists and others. Yu specifies that Moore’s theory gave him a framework, not only about the target audiences of the products he was working with, but also on how to teach others to adapt themselves to their own audiences.
In the 90s Yu was appointed general president of Microsoft Korea. While busy with his appointment, he still found time to translate Moore’s main book, Crossing the Chasm: Marketing and Selling High-Tech Products to Mainstream Customers, in Korean. “I did some evangelizing of Moore’s theory”, Yu jokes, “and this allowed me to rub shoulders with Moore” as well as other unexpected benefits.
The seasoned computer expert claims that the technology adoption cyclical framework still applies today. Namely, he believes the next big thing to be the Internet of Things (IoT), or the general phenomena of inter-networking between physical devices, vehicles, buildings and other objects of the physical world. The IoT has a great potential for development. However, Yu warns, it still has two major problems to solve.
The Big Challenges of The Internet of Things
First, objects from different manufacturers have to work together smoothly. What if one has a LG mobile phone, a Samsung dryer, and a washing machine from yet another company – all these corporations being rivals and perhaps more prone to fighting each other than cooperating? “It has to work harmoniously”, states Yu. Interconnected objects must be endowed with interoperability or compatibility. For it to happen, companies must work together more closely, something Yu finds difficult to foresee.
The second problem has to do with security. The root of trust, a staple when it comes to the security and trustworthiness of any connected object, is lacking. “The technology is not there” yet, Yu says. “Apple phones, Qualcomm chipsets had transiting credit card numbers hacked” because the encrypted numbers and decryption keys were stored in the same place. When it comes to the Internet of Things, risks are even higher. Suppose a car that could be set in automated driving mode: if someone manages to stole the owner’s digital identity and get a remote access, then the car could go completely out of the owner’s hand and be used as a weapon. A valuable root of trust should let no room for potential manipulation. Nowadays, such security is not up for sale.
The Root of Trust
This is where the project Yu is currently working on comes in. Namely, Yu is into semiconductors that can be endowed with a particular identity among an indefinite number of possible combinations. Such hardware devices would be the only guarantee that a particular connected object would listen only to its proper owner and to no one else.
How does it work? Semiconductors are made either exactly similar or with very small, yet noticeable differences, which would be enough to give each of them an unfakeable identity. These objects are Physical Uncloneable Functions (PUFs). Their sheer presence would prevent any software intruder from taking over. Hardware-wise, only the very semiconductors Yu is working with are beyond any possibility of physical cloning. These devices would mark a tremendously important security advance and should reach the market at the end of the fall 2017 or next year. “This is a worldwide-scale contribution to IT technology”, Yu adds, without refraining his enthusiasm. For even more security, many of these can be used on a single object: a small electric car could have no less than 60, 120, or even 250 chips on it, as to ensure an optimal protection from physical cloning.
Unduplicatable, Unmistakeable, Unfakeable
As Bruno Marion specifies, billions of billions of billions of these chips could be produced each year. Each of these has a single, recognizable identity. An overwhelming number of possible combinations that would also be distinctive and unique, just like fingerprints or DNA.
This technology has, obviously, many potential uses. Any object could be surely identified – homely or nomadic objects as well as pets, or, say, even individuals provided that one would accept having a chip surgically placed underskin. Unduplicatable, unmistakeable, unfakeable, Yu states.
Recalling Moore’s framework of technology-adoption, Yu emphasizes that the IoT is only an early stage at this moment. It will be implemented small-scale, on homely objects and niche markets. Connected objects and their security-guaranteeing chips still have years ahead before they should reach the mainstream. As of today, the bulk of consumers may be frightened by repeated hacks on objects that still lack the proper security technology, and they must be reassured before they step in.
Yu also criticizes the Big Data craze. Companies like Amazon, Facebook or Alibaba.com, which are at the forefront of it, would have a “biased” view of the market because they only sample their own customers. Is there such a thing as a really representative sample? Even if such companies have a huge base, there are also many non-users who are never taken into account by the so-called Big Data. Thus, as the Internet of Things aims wider, it might uncover still unplanned consumers or phenomena. Perhaps black swans hide behind the corner.
How to Be Future Ready
When asked if he would have something personal to say to future-ready young individuals, Yu remembers three questions the HP top executive Mr. Packard asked when Yu hosted him in Korea. These questions are as follow:
- what contribution are you making?
- what are you learning or have learnt with the project or company?
- and, last but not least, are you having fun along with your work?
Yu recalls how he repeatedly asked these very questions in turn to his own employees or younger people. “I always had good responses”, he says. Yu also noticed that he starts asking himself again these questions when he starts reaching the limits if what he is doing. “If I start asking them again, well, maybe it is time for me to change job.” And indeed, Yu adds, until today he managed to change job or the scope of his job every 3 to 5 years.
All these questions tackle something crucially important in life, Yu says. Contribution-making is essential: “when you are merely a taker, people do not respect you.” Thus one must have a sense of purpose, of doing, and have an idea of why one does what one does. The learning aspect matters as well. “Growing, psychologically, spiritually”, becoming more knowledgeable and experienced, are part of a healthy process.
Finally, Yu states, one must have fun while working. This may not be the most emphasized element of career building or work in general, “but fun has to be there, too.”
To learn more about Sam Yu’s project visit ICTK website