Michela Menting

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem

It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls systems, retail terminals and scanners, and kiosks to medical devices, heating and lighting systems, connected homes, and smart cars.

Identity and authentication for the IoT enables the use of foundational information security concepts, including confidentiality, integrity, availability, authentication, and non-repudiation. At the core, identity binds credentials. It allows an operator to well manage IoT devices, define access, set policies, and secure communications to protect devices and data. But within the Identity of Things (IDoT), how does one clearly define the credential and the accompanying authentication and encryption services?

Identity and Access Management

The Cloud Security Alliance (CSA) first raised this issue back in September 2015 when the organization released a Summary Guidance on Identity and Access Management (IAM) for the IoT. Within the document, the CSA emphasized the importance of properly identifying things in order to enable authentication, encryption, and data integrity in an ecosystem. Currently, there are more than 20 different study groups, consortiums, alliances, and standards initiatives working toward creating a secure framework for the IDoT.

connected-iot

(Image Source: Shutterstock)

Issues such as scale, power and computational constraints, ruggedized requirements, energy limitations, increased number and variation of connectivity protocols, and cost factors, among others, make it difficult to simply impose a legacy enterprise IAM or credential management solution. Furthermore, while scenarios for IoT authentication are numerous, there are three notable challenges: token-based authentication currently only works for HTTP, symmetric key mechanisms require input at manufacture, and standard Public Key Infrastructure (PKI) is generally considered impracticable for constrained environments.

Cybersecurity Obstacles 

The three obstacles are ones the cybersecurity industry is working diligently to overcome. For token-based authentication, new methods need to be devised for all the new connectivity vectors (cellular, Bluetooth, Wi-Fi, NFC, RFID, etc.), either as one, convergent authentication method or one for each vector. Both approaches will require significant research and development.

identity

Alternatively, and with some modifications, symmetric key mechanisms can be adapted for the IDoT. For example, Digital Short Range Communications (DSRC), used in vehicle-to-vehicle communications, supports a much smaller certificate structure than the standard X.509. Meanwhile, the use of certificates requires some form of central mechanisms and management structure, such as PKI. In fact, many (and notably certification authorities) tout PKI as the contending standard for identification, encryption, and authentication of IoT devices, but traditional PKI does not scale well for the IoT. A more dynamic key architecture may need to be developed. Essentially the method chosen will depend on the constrained devices in question and their respective environment.

From a private sector perspective, a number of firms are already promoting authentication, identity, and related management services to address the challenges head-on. The movement in the private sector is dynamic, with numerous firms—from startups to big players in the enterprise IAM and authentication and key management space—investing in the IoT market. While some are offering data-centric security platforms for IoT and M2M, others are developing cloud-based IoT security platforms to create and manage digital identities. The solutions are wide-ranging and varied.

In all, the IDoT market opportunity is still nascent, but it is evidently expanding quickly. Most pressing is the development of adapted identity solutions. These solutions will need to revolve around data centric encryption, dynamic certificates and key architecture.

By Michela Menting

Michela Menting

Michela Menting, Research Director at ABI Research, delivers analyses and forecasts concerning digital security. Through this service, she studies the latest solutions in cybersecurity technologies, critical infrastructure protection, risk management and strategies, and opportunities for growth.

Her past experience includes working as a cybersecurity policy analyst for the United Nation’s International Telecommunication Union in Geneva, Switzerland.

Michela obtained both an LLB in English and French Law and an LLM in Information Technology, Media and E-commerce from the University of Essex.

View Website

CONTRIBUTORS

CIO’s Guide To The New Economics Of Real-Time Integration

CIO’s Guide To The New Economics Of Real-Time Integration

CIO’s Guide To The New Economics CEOs’ decisions today to pursue digital-first strategies for greater revenue growth are defining their ...
Insights From AWS Reinvent: Three Steps To Ensure Cloud Propels Your Digital Business

Insights From AWS Reinvent: Three Steps To Ensure Cloud Propels Your Digital Business

Insights From AWS Reinvent It was an exhilarating experience at AWS invent, from learning about all the innovations by Amazon ...
Cross-Site Scripting - Why Is It A Serious Security Threat For Big Data Applications?

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading ...
Matthew Cleaver

Identifying Threats and Trusting a Third Party with Your Data

Third Party Data With data security breaches and identity thefts increasing every year, it is important for businesses to consider ...
Using Cloud Analytics To Improve Customer Experience

Using Cloud Analytics To Improve Customer Experience

Evolution of Cloud Analytics Moving data to the cloud, once considered a strenuous task, has now become commonplace in most ...
Is Your Data Safe In The Cloud?

Is Your Data Safe In The Cloud?

Cloud Data Safety This year has certainly been troublesome for businesses when it comes to data security. Numerous cyber attacks ...
AI

These U.S. Counties Are The Best At Using AI For Their Citizens

AI For Their Citizens Every year, the Center for Digital Government conducts a survey of every county in the U.S ...
Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks New tools and technologies help companies in their drive to improve performance, cut costs and grow their businesses ...

NEWS

OVH Announces New Hosted Private Cloud Offerings for US Market

OVH Announces New Hosted Private Cloud Offerings for US Market

OVH delivers next-generation services for hosted private cloud, disaster recovery, and hybridity leveraging industry-leading solutions RESTON, VA--(Marketwired - Nov 20, ...
EU privacy regulators to discuss Uber hack next week

EU privacy regulators to discuss Uber hack next week

BRUSSELS (Reuters) - European Union privacy regulators will discuss ride-hailing app Uber’s [UBER.UL] massive data breach cover-up next week and ...
HPE CEO Whitman's surprise exit stumps Wall Street

HPE CEO Whitman’s surprise exit stumps Wall Street

(Reuters) - Shares of Hewlett Packard Enterprise Co (HPE.N) fell 6 percent on Wednesday after Chief Executive Officer Meg Whitman’s ...

SPONSORS

How Printers Help Hackers Hide In Plain Sight

How Printers Help Hackers Hide In Plain Sight

Printers and Hackers Spies and thieves often do their best work by hiding in plain sight. No one suspects the ...
What Is Really Driving Cloud Adoption?

What Is Really Driving Cloud Adoption?

Driving Cloud Adoption Cloud adoption is growing at an astounding rate, with companies big and small undergoing digital transformation towards ...
Hybrid IT Matures Just In Time To Tackle Complex Challenges

Hybrid IT Matures Just In Time To Tackle Complex Challenges

Tackling Complex IT Challenges Today’s sophisticated business environment demands a dynamic and robust IT infrastructure which is a far cry ...