Founding father of the Internet Vint Cerf has issued a challenge for security researchers to ensure that the surge of devices hooking up to the Web in the so-called “Internet of Things”.
Cerf, who is now an evangelist at Google, said an identity-led system would bring security to the world’s connected devices, speaking at RSA 2013 in San Francisco. Cerf’s suggestion is for a system based on devices that can generate a truly unique public-private key pair. The private key cannot be extracted without destroying the pair, and could not be computed from the public key. It should also be able to encrypt or decrypt “digital objects” on demand.
It appeared Cerf wants public key infrastructure at the heart of how identity works on the Internet of Things, with little standardised chips in each device initiating secure communications.
The overall aim is to “design a system that capitalises on the strong authentication property to configure either closed or open systems to manage or access authenticated devices”, on a massive scale. “The ideas may even turn out to be stupid. They might be about simple ideas to make things more likely to work,” Cerf admitted.
“We should be very thoughtful right now about the fact that a lot of these devices are going to be part of our environment and a lot of them are going to need to be managed.”
He backed the idea of third parties given control over certain areas of the Internet of Things, such as home entertainment systems or energy usage, to provide greater efficiency.
Cerf also supported the use of strong “pseudonymity”, where pieces of information about people are given away, but not enough to figure out who they are. Where someone wants to know more about another, if they were after a loan, for example, a trusted authority could be contacted, which can verify certain things about Internet denizens, he suggested.
“We don’t need to bind identity and identifier, we can keep those separate.”
The idea of psudonymous data has been used heavily in submissions to the European Union on privacy from the likes of Google and Yahoo. The Internet giants argue that pseudonymous data allows them to make use of Internet content without infringing people’s privacy – something which privacy advocates argue strongly against.
Are you a pedant on privacy? Try our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…
View Comments
The number of detected mobile malware attacks continues to skyrocket. McAfee counts over 36,000 mobile malware threats—almost entirely targeting the Android OS.
Think twice about having Android in your stuff.