UPnP Forging Path To IoT: Standards, Certification, Horizontal Integration

Universal Plug and Play is the original Internet of Things, in a way. Devices sharing media and information is the basis of IoT, so it is no wonder that UPnP hopes to shape IoT in the near future.

If the Internet is the Wild West, then the Internet of Things is the Space Frontier. IoT is full of possibilities, from the types of batteries used to power each object to the method of communication in a network. It's impossible to pin down just about anything concrete about it, other than the connectivity of basic objects. With connectivity comes a need for standardization.

Standards, Standards, Everywhere

UPnP uses the same standards and protocols to connect devices as other node-to-node technologies, such as IP and HTTP. In order to connect, a device acquires an IP address and uses HTTP to facilitate communication from device to device. It's meant to be a simple and easy way to stream content from device to device, rather than routing data or communications through the cloud, which is a central feature of the Internet of Things.

And this is why the UPnP Forum is a group to watch in the future, because it hopes to insert its technology and standardization into new IoT devices from a variety of companies, rather than work locking things down with proprietary technologies. This is a horizontal integration tactic that should pay off in the future compared with entities that are more focused on vertical integration technologies and the resulting lockdown.


Not so long ago, UPnP was considered a security risk, and for good reason. In essence, any device could connect to a network, acquire an address, and stream media from any device in said network. Through its new device architecture and device protection, however, the UPnP-activated device no longer assumes that any object in the network is safe to communicate with.

According to UPnP Forum representatives, not all devices within a network will have the ability to support cryptography or certain device architecture, and this could be a potential problem. After all, your chain is only as strong as your weakest link, and if a device can't encrypt its messages, that is dangerous for a network.

But devices in the network that don't support cryptography are likely going to be devices that sit low on the hierarchy. Take for example the "connected toaster" (a favorite foil when discussing IoT). In this example, a connected toaster sits rather low on the totem pole in terms of communication. Is your personal Internet of Things network as weak as your toaster? Can a hacker get to your data through your weakest device?

It's not likely, considering a toaster won't even have that level of access to itself, let alone to another device in the network. In other words, devices like toasters and light switches aren't necessarily mission critical, and they aren't "smart" enough to need (nor can they support) special security measures.

When broadly considering the Internet of Things, security issues will most likely lie in the standardization between parties. If all devices have different standards of security, each device will have to trust that the certification of each device is legitimate.

To that end, the group rolled out its UPnP+ initiative to ensure security and interoperability across platforms and devices with current and evolving standards. You can learn about the program here.

Barriers To Adoption

The biggest issue that the UPnP Forum faces in the burgeoning IoT market is simply being noticed for its work. Currently, convincing OEMs to spend more money than is necessary to equip their devices with UPnP technology has proven difficult.

IoT is a vision that is constantly changing. Mass adoption appears to be a matter of if and not when, but the path towards a mature IoT market is not yet a clear one. The UPnP Forum's strategy of horizontal integration is likely a sound strategy going forward.

Update, 5/11/15, 8:15am PT: Adjusted references to UPnP Forum for clarity.

Follow us @tomshardware, on Facebook and on Google+.

  • Vistouf
    Your new add on mobile is an utter failure. I have to scroll this sh!t all the way across the screen to keep reading? What do you think I can't see it? I can see the static adds, and I can see that you are taking away my control over the Web page.
  • wtrj
    This is a good approach to horizontal integration. Instead of locking customers down to certain standards -- which doesn't seem to be the best idea given the huge array of potential uses of IOT devices -- standardizing WITHIN devices will likely work well. If a property owner has several properties within a relatively close but not down-the-street range, he/she could use a wide-area network (www.link-labs.com's Symphony Link or perhaps Sigfox) to connect UPnP devices.
  • AnotherPoster
    When you see the page-scroll ad, just scroll the opposite direction. Alternatively, configure your device to use a proxy script to block the ads by redirecting the downloading of them to a null address. A script like http://shion.ca/ios/adblockpub.js

    Also, it isn't the site's fault. It's the ad company's fault. They designed it, deployed it. Tom's Hardware just uses the service.
  • ianj14
    OK. Silly idea time: wouldn't it be better for our IoT devices to be able to register with a chosen central hub/server, and only be allowed to connect to one such hub/server at a time? In that way the hub/server controls the comms between devices and with the internet, effectively acting as a 'firewall' for the IoT devices? Why do these things have to have independent unregulated access to every other device and the internet as a whole?