How to Get One Trillion Devices Online

Chris Doran of ARM—the company that designed the chip in your smartphone—explains why security is the biggest obstacle for the Internet of things.

ARM Holdings designed the chips inside almost every single smartphone on the planet. But when the Japanese telecom company SoftBank acquired ARM last year for $32 billion, it had more than phones in mind. Instead, it saw in ARM’s low-power chips the promise of hardware that could connect all kinds of devices to the Internet.

Under the leadership of SoftBank’s CEO, Masayoshi Son, ARM has stated that it will design the chips that will help get one trillion devices online by 2035. That’s a staggering number of devices—over 130 per person across the entire planet—and a limited time line in which to make it happen. At last week’s ARM Research Summit in Cambridge, U.K., MIT Technology Review spoke with Chris Doran, director of research collaborations at ARM, to find out what it saw as the biggest barriers standing in the way—as well as how it might go about solving them.

The following excerpts of the interview have been edited and condensed for clarity.

What are some of the biggest research focuses at ARM at the moment?

One is security, which is pervasive in everything we do now. And there’s also the IoT research agenda. The two are quite closely linked. Most people realize, and Masayoshi Son has been quite clear on this, that IoT won’t happen until security is cracked to the point that people have a sufficient level of comfort [with it]. And not just in security: reliability, trust, and data providence. All these things that are closely related need to be sorted out, and that’s being done by a new research group that’s been formed inside ARM Research, alongside all the other security work going on inside the company.

How realistic is ARM’s IoT vision to get one trillion devices online by 2035?

I think it’s easy to paint the optimistic picture of what, if we get all of this right, it could mean for our future. One trillion devices isn’t an absurd number. But these types of new technology can be very fragile. It’s interesting comparing CRISPR [the gene-editing technology] to genetically modified crops: GM crops had some bad publicity early on, and that essentially killed the area for a while, whereas CRISPR has had lots of positive publicity: it’s cured cancer in children. IoT will be similar. If there are missteps early on, people will lose faith, so we have to crack those problems, at least to a point where the good vastly outweighs the bad.

What are some of the potential missteps for IoT?

Well, you’ve seen cars being hacked and toys that send data, unencrypted, up to the cloud. IoT is getting a reputation for not being safe [see “10 Breakthrough Technologies 2017: Botnets of Things”], and we need to get rid of that problem.

What are some of the big security challenges you’re looking to crack?

There are things that we can do inside ARM, and there are things that we can’t. A lot of security violations come down to people doing dumb things rather than fundamental issues. But there is a bunch of stuff we can do at the fundamental level that will mitigate the number of risks. We’ve been researching with people at Cambridge University on some approaches for many years that look very interesting. And there are other things: how do you establish a fundamental route of trust in a device, from where you can grow out enclaves of safe areas on which to compute? And there are some really fascinating projects being considered by U.S. funding agencies about how you can run computation where you just don’t trust the hardware at all. Those are interesting challenges.

What role might regulation play in securing the Internet of things?

At the moment, we push the [security] problem to the last person in the chain, and that’s probably not going to be the long-term answer. There will be legislation, but commercial imperatives will kick in: toy companies [for example] will quickly lose faith and only buy from suppliers who can guarantee a level of security in their product. You’ll see this more and more: computing is shifting from who’s got the most performant device to who’s got the most energy-efficient device, and the next step will be who’s got the most secure device.