(Blog) September 4, 2014 — Could PKI become fashionably late? It’s often said that information technology is actually a fashion industry, says Nick Booth. Trends come in, lose their flavour in the course of a season and get ditched for something newer and racier. But they never quite disappear. Then 10 years later, they’ll suddenly be on trend again when the cycle comes round.
Computing, as a model, started off with centralised control. Then there was a distributed computing revolution where the workers seized access to the means of production. Well, the computers at least. Then, when everyone realised how complicated and expensive networked computers are to manage, a new breed of tyrant emerged from the IT department to seize power. Now they’re called chief information officers and they often sit on the board.
As global economies ebbed and flowed, so did the control of technology go in and out, just as skirt lengths are often used as an indicator of stock market fluctuations. According to The Hemline Theory, if skirts are short it means the markets are going up. In a recession, it’s maxi skirts all the way. By extension, if the average hemline goes up, then IT directors should get nervous, because their power base is about to be eroded, as control goes out.
Fashion and IT have already collided, with the onset of wearable technology. When some of the new wearable trends are unveiled at launch events, it’s hard not to feel like an interloper who has stumbled into London Fashion Week. Though we’re assured that these outlandish inventions will be “all over the high street next year” many of us find it hard to suspend our disbelief, despite all the endorsements from the tame hordes of bloggers and fan boys that vendors can win over with the offer of some free kit.
Wearable technology needs to ‘up its game’ if it is to gain mass acceptance, as has been previously pointed out in M2M Now (see Analysts find wearable tech market is held back by poor business models and need for fashion collaboration). The only reason I wear my Watch2Pay gadget is it’s waterproof and tells me the time. I’ve never found a single outlet that had a machine that could talk to the SIM card in my watch. The only health monitoring gadget I’ve wanted to keep after a review was one that gave me an electric shock, which was quite enjoyable. But it’s doubtful whether masochism was part of the product design criteria. Still, they might have unwittingly found a new niche (Enough already. Back to the wearables. Ed).
Decentralised control of IoT security
Control of the Internet of Things (IoT) is set to be decentralised now, too. Now that the work environment (and indeed the workforce) is pervasive, security has followed its lead and is now ‘all over the place’, in every sense.
The rage within the criminal community, for internet crime and malicious attacks, has exposed some of the limitations of traditional security methods. The impregnability of passwords and knowledge-based authentication systems is being gradually worn away by wave after wave of attacks. (See Security features based on existing specifications can enhance IoT security and privacy, says GlobalPlatform)
Security today relies too heavily on Public Key Infrastructure (PKI), which relies on a centralised security controller to issues passes (or certificate authorities, as they’re known) in order for the users (be they man or machine) to trust that the other party is genuine. Centralised security is becoming outmoded, because ‘rogue authorities’ have worked out how to mimic these. As an inspection of your email Inbox will confirm, impersonation is now de rigeur in crime circles.
‘Unfakeable’ verification technique?
So we can expect a new trend in security, with end-to-end (or decentralised) security coming into vogue. Users will take control of their own security, according to Oxcept, one of the pioneers in this field. Oxcept achieves this by creating its own security protocol (Human Interactive Security Protocol) through which a secure channel can be created between two devices, using various new verification techniques, which the inventor says are “unfakeable”. Time will be the judge of that.
Since this is meant to be a complementary technology to PKI, centralised security isn’t going to disappear. But it may go out of fashion for a season.
How that will affect skirt lengths and the stock market is anybody’s guess.