News and updates
Whatever it is, it needs security
Dr Michael Scott
The ubiquity of “things” is both a strength and a weakness when considering the potential of the Internet of things. The possibilities of what can be connected are, literally, endless. Firstly, there will not be just one IoT, there will be multiple, and each will differ and be largely disjointed from the rest. The things may be identical or different in terms of computing capability and overall significance. The things may be mobile or stationary, and it’s not immediately clear if security will be an issue in every use-case.
Here’s an example to put things into perspective:
The year is 2030. I am in the supermarket doing some shopping. I run an app on my phone, which connects, to my kitchen at home. I ask the kitchen to check if I need some tomato sauce and chicken. The kitchen checks with the cupboard, which does a check on its own contents by broadcasting a short-range signal, which interacts with passive tags, connected to the contents. There is nothing there, so the kitchen queries the fridge and the deep freeze and gets back to me with the answer. I’m out of chicken but I have plenty of tomato sauce. I get into my car to return home. As I drive, my car communicates with other nearby vehicles and picks up news of a traffic jam. This is also communicated to the traffic lights, which encourage me to take an alternate route. I get home feeling slightly flustered, and my pacemaker alerts my “robodoc.” My robodoc checks my pulse and blood pressure (from the monitors built into my wrist watch) and advises me to take it easy, and it tells the kitchen to recommend me a low calorie meal, as it got some bad news from my bathroom scales this morning.
Now, let’s try that again without security …
I am in the supermarket doing some shopping. Unknown to me an advertisement-drone has passed over my house and eavesdropped on my last interaction with my kitchen, and my phone starts bombarding me with ads for products based on what I apparently need. It has also hacked my bathroom scales and sold my details to every weight-loss clinic in the area. I end up buying a lot of stuff I don’t really want or need. I get into my car, but some kid who lives close to an important intersection has started broadcasting bogus news of non-existent traffic jams in all directions, and all of the traffic lights are red. The same kid gets kick-backs from weight-loss clinics by directing overweight people to drive past their advertisements. Eventually I get home, but my ex-wife has hired a guy who is parked outside my house to hack my pacemaker, and I drop dead.
So, yes, security is important in almost every context, but how can it be implemented? The problem with the original Internet was that security was added on as an afterthought and not designed-in from the start. So the bad guys have nearly always managed to stay one step ahead. For an Internet of things, we need to design-in security and get it right from the get-go.
The solution is conceptually quite simple. Each thing must be able to communicate with every other thing such that (a) the communication is encrypted, and (b) the communication is mutually authenticated. Furthermore, at that point when a real person must interact with an IoT, that person must be authenticated to do so. What is needed is for each thing to be deployed with a single built-in secret that permits it to perform authenticated and encrypted communications with every other thing.
People must use a two-factor authentication method based on strong cryptography to talk to their IoT. When such important things as pacemakers become connected “things,” we can’t rely on out-dated, easily hackable username and password authentication systems.
Given the fact that this could be a life or death situation, the system must have no single point of failure. This is achieved by distributing the important cryptographic keys. Cloud-based infrastructure provides a rock solid back-stop against attacks on an IoT by generating and protecting a part of these keys, while the IoT owner retains control over the other part. One part is useless without the other, and hence there is no single point of failure.
Mike Scott is Chief Cryptographer at MIRACL. He was previously Head of Department in the School of Computing in Dublin City University, Ireland. He lives and works between Dublin and his rural dacha near Ballyjamesduff, County Cavan. He hates smartphones and loves to cut grass and drink Guinness.