Our fridges automatically re-order milk. Our fitness trackers prompt us to do more exercise. And our smoke alarm calls us when there’s something wrong. Personalised services wrapped around hardware are thriving in the Internet of Things (IoT) – and with them, subscriptions to these services are on the rise. However, while IoT data is used to make our lives more convenient, more entertaining and more productive, the glitter surrounding IoT is often dimmed by legitimate security concerns, and not without reason: IoT put into the wrong hands could lead to very undesirable results.
Consider how car break-ins were done in the past and how they may be done in the future. With a car that is not connected to the internet, the car’s physical security is at risk and customers may bear the loss of a music system or personal valuables. With a connected car, we are talking about a systemic cybersecurity threat with results that could be as severe as remote hijacking with you still in the driver’s seat. This is one example of where a lack of security poses life-threatening dangers. As more and more devices around us are connected to the internet, we become more susceptible to these types of threats.
Safeguarding the realm of IoT requires applying two basic principles of information security: strong authentication and secure communication. The current leading solution to apply these principles has existed for decades in the form of Public Key Infrastructure (PKI).
PKI is a foundation of trust that enables security by providing strong authentication and encryption services.
Take the connected car from above as an example. Communications between the car and its connected services need strong authentication. The car system must not accept commands from a third party without properly ensuring the commands actually came from an authorised user of the car. One way to mitigate this risk is to perform mutual authentication, where the car authenticates the service and the service authenticates the car.
In addition to strong mutual authentication, devices need a secure channel to communicate with the service to ensure confidentiality and integrity of data. This can be implemented using high-strength encryption protocols between the device and connected services. Digital certificates and asymmetric encryption technology enable such strong encryption when devices and services are configured to leverage them appropriately. The common technology that enables both strong authentication and secure communications is PKI.
When you use a computer to connect to an internet service such as your email, you would normally input a username, password, and in some cases a token for authentication. Because most IoT devices have a small form factor, they do not possess interfaces such as a keyboard. This is where PKI becomes the solution. With PKI, a device can have a digital certificate installed and managed by a secure service that allows the device to mutually authenticate without further human interaction.
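As an added illustration (not code from the article or from any vendor it mentions), the Python sketch below shows what mutual authentication looks like as TLS settings on the service and on the device, next to two weak configurations and a small check that flags them. The certificate file parameters are hypothetical and optional, so the example runs without any key material.

```python
import ssl

MIN_TLS = ssl.TLSVersion.TLSv1_2

def service_context(device_ca=None, cert=None, key=None):
    """Server side (the connected service). File paths are hypothetical."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_TLS
    # Server contexts default to CERT_NONE, so the device is never asked
    # for a certificate unless this is set explicitly.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if device_ca:
        ctx.load_verify_locations(cafile=device_ca)  # CA that issues device certs
    if cert:
        ctx.load_cert_chain(cert, key)               # the service's own identity
    return ctx

def device_context(service_ca=None, cert=None, key=None):
    """Client side (the car or other device). File paths are hypothetical."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = MIN_TLS
    if service_ca:
        ctx.load_verify_locations(cafile=service_ca)
    if cert:
        ctx.load_cert_chain(cert, key)  # device certificate shown to the service
    return ctx

def audit(ctx, role):
    """Return the settings on ctx that break mutual authentication."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if role == "device" and not ctx.check_hostname:
        findings.append("service hostname not checked")
    if ctx.minimum_version < MIN_TLS:
        findings.append("TLS below 1.2 allowed")
    return findings

def weak_service_context():
    """Library default: the channel is encrypted, the device is not authenticated."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

def weak_device_context():
    """Certificate verification switched off on the device."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

Running `audit()` over the two weak contexts shows that an encrypted channel alone does not give mutual authentication: each side has to require and verify the other's certificate.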
Consumer demand is pushing companies to launch innovative, personalised subscription services that rely on data, so there is no longer any doubt that security must join physical safety at the top of every IoT company’s list of priorities. The Jeep Cherokee hack wasn’t just a wake-up call for the automobile industry – it was also a lesson for all companies with devices that connect to the internet.
John Phillips is VP EMEA at Zuora.