Securing IoT

Ah, security. It is the dulcet tone of a symphony that we play over and over in the IT world. IoT (Internet of Things) and the myriad of connected devices allow us some intriguing security options. For example, in a mesh array of sensors, you could effectively force users to correctly identify themselves more than once. A user would identify herself repeatedly, but you wouldn’t prompt the user more than one time. By using an array of sensors, you could effectively determine the employee’s identity many times before she has even entered your facility. Or, for that matter, before the employee has put her badge in the badge reader to enter the building.

Facial recognition using IoT video sensors is a quick and easy solution. I see you. I look you up. I know who you are and let you through to the next array of sensors. But I can also measure your voice as it has a unique timbre, analyze your particular speech patterns, and measure your gait. The very way you walk can also be used to not only determine you are who you say you are, but can also be used to verify you should be where you are.

You can deploy these sensors in places people wouldn’t suspect them. Parking lots make for great places to observe someone’s gait. You can do further security checks as they stand and wait to get their bags checked or to get visitor badges. You record and identify their voice. You could even use the unique identifier that is the IMEI of a cellular phone to determine if someone is who they say they are. You can steal someone’s phone but not their voice and gait. Even the most practiced mimic is off just enough that we are able to tell the difference.

Previously, I wrote about the internet of illness. The end game in that scenario involves your employer scanning you as you ‘badge’ into your Workplace, or greeting you at the visitor entrance, and then basically telling you to go home. You are sick, the system tells you. Come back when you are well. So you take a sick day or work from home, and the infection stops with you. Instead of walking into the office and infecting 200 people, you stay home and infect your cat. The same can be applied to people entering a building.

These sensors allow you to have good solid security at your entrances quickly. Over time, organizations can share data about people that visit them. The US Government and other governments could sell security information about the gait, voice, and other attributes that can be quickly captured. Imagine security of the day after tomorrow. You are asked to step into a booth; the booth has a camera and a microphone. You are asked to say three sentences. A single ding and the door opens and you pass through a metal detector. The booth finds no weapons, no threat, and that you are who you say you are.

Ah, security. You could, in cases where there are other issues and concerns like bombs and other risks, create artificial barriers to walking up the walkway to your building and add bomb and chemical sensors to the solution as well. Expense, however, is always the issue in terms of security. You can’t spend so much money on security that you bankrupt the company. Likewise, you can’t spend so much time and energy that the organization can’t get any work done because it takes a half hour to get from your car to your desk (even though you only travel a total of 10 feet).

IoT devices will add a great deal of information quickly for people that end up staffing visitor desks. It will allow organizations to increase the safety of their workers by reducing the number of ways you can get weapons or dangerous devices into the building. If they somehow get past the entrance, you can lock them into stairwells or shut off elevators and let them know you know they have a gun or knife, and that you have notified the authorities. The application of security for and of people is a great use of IoT sensors and devices, and can be effectively utilized while still managing costs. It will increase the overall security of your building and people greatly. You can have people log into the system over and over again, without them having to sign in more than once!

By Scott Andersen