We have come a long way since the GPS watch. Now cities like Barcelona use sensors to monitor everything from noise pollution to waste management. We are on the brink of smart cities, smart clothing, smart farming, house automation and even the IoMT (Internet of Medical Things), which promises to radically improve healthcare. We live in the digital era of hyperconnectivity. According to Gartner1, we can expect that in 2020 more than 20 billion devices will be connected to the Internet. This implies a dramatic improvement in technology and the creation of an amount of data never seen before.
The Internet of Things (IoT) is the network of objects that can connect to each other via Wi-Fi, Bluetooth or any other communication protocol. Following this new technology boom, new threats are also emerging. Having objects that can sense, measure, communicate, act, compute, store information and process actions non-stop opens up a world of possibilities. But we are also creating an infinitely large surface that requires protection. Via the IoT, threats are moving from the digital to the physical realm and the targets of malware are multiplying. The concepts of ownership, freedom and privacy are changing on a daily basis. In the wake of this monumental technological and industrial evolution, we need to create a secure, qualitative and reliable relationship between users, connected devices and applications.
In this two-post blog series, my colleague Juan Asenjo from Entrust and I talk about the need for creating an environment of trust to maintain the benefits of the IoT. In these blog posts, we look at how a public key infrastructure (PKI) -based solution for managing the authentication and confidentiality for users, devices and networks are crucial to data integrity.
PKI can protect communications and determine the role of each entity and its rights in an ecosystem. PKI software coupled with a hardening automation solution like an HSM (hardware security module) provides a highly-secure solution. Read Juan’s blog post “Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke“ to see how using certified HSMs as the root of trust creates an ideal secure environment for the IoT ecosystem.
Even though IoT devices are multiplying in all industries, users are still mainly using static passwords or PINs to protect their devices. Users are, in the last instance, responsible for keeping data and devices secure, which is not without its dangers. In addition to educating users about the dangers of the IoT, physical measures must be taken.
We also need to take into account another transformative aspect that can be a source of malicious activity. Devices are now able to make decisions and act alone with minimum, or no human intervention. Only one sensor needs to be deactivated or receive false data for all the other devices to be rendered useless.
It’s All About the Data
According to John Fruehe (Forbes Magazine), “IoT is about data, not things”. Authentication and integrity of data turn out to absolutely be key in this market and the good news is that highly-secure solutions are now available to protect every layer of the IoT ecosystem. In our business, integrity, authenticity and confidentiality are the three commandments of the secure IoT.
That is all well and good, but governments have yet to fully grasp the extent of this revolution. While they have passed new regulations on personal data protection (like the GDPR), they are struggling to adapt to the wide and disruptive scale of the IoT. Either way, it is vital to trust the data integrity in the IoT ecosystem as strategic decisions are mainly taken from data-based analysis nowadays. However, thanks to the IoT and the uninterrupted creation of data flows, organizations can define sources of improvement and areas of optimization. It is essential that they can rely on a trusted, connected environment, and securing data with certificates and encryption ensures protection and consolidation of the emerging source of income.
PKI-based solutions provide a mechanism for handling device credentials and data encryption. By using an infrastructure of private keys, we can preserve the accuracy and consistency of the data throughout its entire life-cycle. This is critical in the IoT as connected devices create an action chain for one another based on exchanged information.
Thanks to certificate management and encrypted communication, we can make sure that a device is defined as what it claims to be, and that the data is not intercepted, altered or interrupted. As it is registered, we can manage its credential and thus make sure that the trust environment is up-to-date and intact. The authority holding the public key infrastructure and its interoperability with devices is crucial because it manages the data that can be made available and guarantees the confidentiality of the entities.
Putting PKI to work in the IOT
Safelayer and nCiper Thales have teamed up to create a secure solution where PKI credentials and private keys can be stored separately in a protected hardware environment. The use of an HSM ensures the trustworthiness of the PKI and the systems it supports.
The IoT has created new ways to use PKIs and digital certificates. And because of its versatility and scalability, PKIs are a reliable solution for the IoT, which requires verifying chains of certificates on a large scale. Using a PKI solution in a sensor environment that facilitates a threat-free system at every IoT tier is the key to turning data into gold.
Safelayer secure communication is a leading provider of PKI-based solutions and trust services. It is deployed with a large range of partners for cloud-based and on-site certificate issue. To learn how to apply robust device identification and data integrity to ensure you can confidently embark on your IoT journey, visit Thales and Safelayer. We are happy to welcome Juan´s blog post this month! Don´t forget to read it.