Cybersecurity and the Internet of Things: Time for Biometrics?
IoT is, undoubtedly, making life much more straightforward. Gone is the need to trawl shops, to battle for that last space in the supermarket car park or struggle through the high street with bags full of shopping. IoT lets us delegate important but mundane everyday tasks to connected goods, leaving us free to focus on the more complex and fun things in life. If your fridge can order the milk for you automatically (and if it doesn’t already, chances are you will in due course own a fridge that can), that’s one less thing to think about on the way home from work in a busy modern life.
Yet like most good news, IoT comes with a few caveats. Chief among these is the issue of cybersecurity.
Who’s charging to your account?
For a connected device to take actions on your behalf, be that a payment when your intelligent fridge re-orders the milk, or a smart TV granting or refusing permission for a child to download or view particular media, there has to be a process of authentication. In other words, the device or provider has to be sure that the right person is making the request, just as they do when you use a payment card conventionally. Your connected fridge has to be sure that it’s you who just ordered champagne and caviar, and asked for the charge to be placed on your account/card, rather than it being your teenager, or the cleaner, or someone who’s hacked into your fridge and made fraudulent transactions. Let’s also not forget that your manufacturer or service provider has to make sure that it is a real fridge and that it belongs to you, so that it knows it is talking to the right appliance. After all, manufacturers need to be able to authenticate that it is the right fridge receiving requests from the right person, as well as authenticating the payment.
As a society we are used to authenticating our transactions; it happens daily. Usually the process involves a PIN or a password, for instance when we use our card in store or check our bank balance. The problem is, we know that these methods of authentication are no longer fit for purpose. For example, it may be easy for criminals to correctly guess or uncover a PIN, while passwords are also often compromised.
Indeed, the constantly repeated advice that passwords must be unique, complex, but never recorded, provides a perfect example of why this authentication method has had its day. If forecasts are correct, there will be more than 20 billion devices connected to the IoT by 2020 and a good proportion will be directly connected to payments, providing cyber criminals with up to 20 billion more opportunities, particularly if those devices rely on outdated authentication protocols.
The answer’s at your fingertips
To secure the things that we treasure, a higher level of authentication is required, one that is entirely personal to us and impossible to replicate. Biometrics are the answer for the burgeoning IoT. Manufacturers of smart goods must look to build fingerprint sensors into connected devices themselves, so that authentication can take place on site, without information being sent into cyberspace. Locally stored biometric data for authentication is virtually impossible for criminals to hack or intercept, and impossible for anybody to replicate in person. The only person who can authenticate an action, permission or transaction where biometrics are involved is the person whose fingerprint is held as a record on the device.
Biometric authentication will end the concerns people currently have about the implications of devices being lost or stolen, and even sold on. Using biometrics to authenticate gives users a truly personalised and secure IoT experience.
After all, if the time comes for somebody to order several magnums of champagne and kilos of caviar from a smart fridge in your home, don’t you want to be absolutely sure that person is you?
IoTium raises $13.6 million in series B funding to push forward 'zero touch' for IIoT
IoTium, a Santa Clara-based software provider for the Industrial Internet of Things (IIoT), has raised $13.6 million in series B funding to help fuel market expansion in the US and abroad.
The company, which provides a managed secure network infrastructure for the IIoT, has secured funding led by March Capital Partners, with Honeywell Ventures, JC2 Ventures, Hanna Ventures, GE Ventures and Jupiter Ventures also participating.
The company's ethos is around 'zero touch' - in other words, the ability to scale to thousands of sites in hard-to-reach locations, such as sensors on an oil and gas pipeline. Regular readers of this publication will be aware of the company after its network as a service (NaaS) launch in May last year. As IoT News put it last year, deployment is solved from both a geographical and network perspective - "no more toing and froing between enterprise IT, operators and firewalls."
At the time, Ron Victor, CEO of IoTium, explained that the goal was to 'let the legacy machine world know' about its strategy. "Everyone from Bosch, GE, Schindler, Rockwell," he said, "all these guys and the Fortune 1000 in that space are either going to have to build an in-house team that has to do routing, networking and security and make a cost centre to be able to connect all the millions of legacy assets out to the cloud - or they can just leverage our service and use it."
Today, the company says its solution is being taken up by Fortune 500 customers in multiple vertical markets, including enterprises in building automation, energy, and manufacturing environments.
"Our vision for software-defined converged infrastructure solutions for IIoT is based on the learning that both flexibility and simplicity are equally important in approaching Industry 4.0," said Victor in a statement. "Organisations must combine elements of security, network, and edge computing in a multi-tenanted, scalable and open way to realise their deployment.
"Our customers and investors recognise that we are the only commercially deployed zero-touch solution to bring these elements together."