Authentication, Authentication, Authentication!

Manfred Kube, head of M2M Segment at Gemalto

With IDC predicting there will be 200 billion connected devices operating amongst us by 2020, the IoT is a digital revolution tipped to eclipse any of those that came before it.

However, as with any metaphysical network, there is the very real threat of data breaches, infringing on our personal privacy, security and data. So how can data be safeguarded in this rapidly expanding network of connected devices and what can the companies that build these devices do to convince consumers they are safe to use?

From tiny sensors to mammoth machines, the answer lies in building micro-segmented stages of authentication that in turn makes data more secure but also honour consumer’s right to personal privacy, says Manfred Kube, head of M2M Segment & Offer Marketing at Gemalto.

Smart devices are changing how we work, the way our homes run and how we enjoy our leisure time, but these clear benefits to our lives also come with opportunities for hackers to steal valuable information from personal data to the intellectual property that makes a company or product unique. In the wider context of IoT, this idea of user or device authentication becomes ever more prevalent.

Take a connected car for example, when we go to unlock it using a smartwatch we want to be reassured that only we, the owners, are authorised to do. This means ensuring the users of a device (and/or account) are who they say they are and have the authorised credentials to access the information thereafter, helping form the core basis for securing the communication of a device within these expansive networks.

But there are some challenges and limitations with single user authentication, such as what happens if something goes wrong with the connected device? In this scenario, it’s more than likely that the supplier will need access to deliver any software updates directly to the device by having access remotely – only to be installed once you have accepted the T&Cs and agreed the download to commence.

By allowing this to happen a certain level of trust needs to be established where the consumer has to be clear that the correspondence has come directly from the named source and not someone who poses a security threat to the network.

High profile cyber security attacks such as the TalkTalk and Ashley Maddison sagas, have highlighted the importance for businesses to reassure their customers that these growing networks will be secure and enable the user to take control of their data.

One of the ways companies are tackling this problem of false user authentication is through biometric data – that is, using individual’s unique ‘biology’ to access their data. This includes unique means of identification such as fingerprints and vein or iris scans that are incredibly difficult to replicate.

The use of biometrics and behavioural biometrics (gestures, swipe and pattern predictions), is creating a unique level of user identification; truly establishing the sense of ‘personal’ between the user and a device. This significantly enhances the security credentials of the device and acts as a major barrier between hackers and their access to data.

When “things” communicate in the IoT, credentials residing in tamper-resistant secure elements embedded in devices can not only secure network access and communication but also support secure services such virtual private networks, e.g. for software updates.

In order for the IoT to truly reach its potential, users need to trust that their connected devices are secure and their privacy is guaranteed. Trust in large corporations has fallen away in recent years by the apparent mishandling of customers’ data by previously tried, tenured and trusted brands. Once that trust goes, it can be extremely hard, if not impossible to get back and this can be damaging, and in some case fatal, for brands.

The four best practices for IoT protection:

Evaluating risk – developers need to understand all the potential vulnerabilities. Evaluation processes should cover privacy, safety, fraud, cyberattacks and IP theft. Evaluating risk is not easy as cybercriminals are continually working on launching new threats. As there is no one size that fits all it is advisable to bring in a security expert at this stage.

Security by design – it is key that device security is duly considered at the development stage. This should include end-to-end points and countermeasures, including tamperproof hardware and software. Security should never be an afterthought – and retrofitting security is often hard and costly. It’s best to consider this in the first place.

Securing the data – strong authentication, encryption and securely managed encryption keys need to be included to secure information stored on the device and in motion.

Lifecycle management – security is not a one-off process and then you can forget about it. It is imperative that IoT devices are protected for the lifecycle of the device, be it a stand-alone product or integrated into a car, for example.

The author of this blog is Manfred Kube, head of M2M Segment & Offer Marketing at Gemalto.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

Scality’s 2022 forecast: Storage solutions get AI/MLOps upgrade, enhanced ransomware protection

Posted on: December 8, 2021

London, UK. 7 December 2021 – Scality announced its data storage predictions for 2022, coming off a year when ransomware attacks have exploded, skills shortages remain, and cloud adoption continues. This year’s forecast homes in on how storage solutions will evolve to meet these challenges and how emerging technologies will impact the data storage landscape.

Read more

Virtana free tier offering lets enterprises experience simplified hybrid cloud optimisation at no cost

Posted on: December 8, 2021

Virtana announced the immediate availability of a free version of Virtana Optimize, its cloud optimisation solution. The Free Tier offering complements the Premium version of Virtana Optimize, allowing for frictionless customer adoption.

Read more