Internet of Things – Beware

Bruce Morton

We are now moving into the deployment of the Internet of Things (IoT).

IoT is an attempt to attach uniquely identifiable devices to the existing Internet infrastructure. The connected devices will allow you to receive better information, control items and, simply, just do fun stuff. How many will be connected by 2020? Gartner estimates 26 billion devices and ABI Research estimates 30 billion.

But there are a number of security concerns. Recently, something as simple as a light bulb was designed and deployed insecurely. The light bulb could be controlled by a mobile app. A house could have many of these light bulbs, but only one needed to be connected to the network. That one light bulb would interconnect with the others and provide them with any security information. The problem was that this information was provided insecurely.

I’m sure the light bulb manufacturer was trying to deploy the light bulbs easily, but beware. If it is too easy to set up, then is it secure?

I know people will complain that security is slowing things down, but let’s get it straight: security is an enabler. For instance, if you want to go fast in your car, what do you need? For starters, how about brakes, seat belts and airbags? These allow you to go fast while mitigating the risk of high speeds.

The same is true for the Internet. If you want to enable transactions on the Internet, then you need to trust the identity, authorize the identity and secure access to the information. If you address security, then you can allow those transactions to happen without giving up privacy or convenience.

Experts suggest using existing open security standards. Internet standards for SSL/TLS and OAuth (authentication standard) provide proven protocols.

IoT is still in its infancy, but it does look like some groups are forming and, hopefully, they will develop standards that address security:

  • AllSeen Alliance hosts AllJoyn, which is the open-source project that lets the compatible smart things around us recognize each other and share resources and information across brands, networks and operating systems.
  • Open Interconnect Consortium, which states, “We want to connect the next 25 billion devices for the Internet of Things” and “We want to provide secure and reliable device discovery and connectivity across multiple OSs and platforms.”
  • Thread Group says, “We wanted to build a technology that uses and combines the best of what’s out there and create a networking protocol that can help the Internet of Things realize its potential for years to come.” They also use the words “always secure.”

Hopefully the groups will push each other to make interconnectivity easy and secure and we don’t end up with Betamax versus VHS.

Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.
