Security for Internet of Things (IoT) – A “Rubik’s Cube” of Passwords

Technology is meant to make our lives easier and, in most cases, it does. Communications and Internet access using mobile devices allow us to do, almost anywhere in the world, everything we did 10-15 years ago in the confines of our homes and offices. The ability to detach ourselves from wires and expensive business equipment has enriched our lives and made us more productive at work.

Now the next stage of technology upgrades is upon us, or will be soon: the Internet of Things (IoT) – or, as some refer to it, the Internet of Everything. It is the concept of interconnecting uniquely identifiable devices with the existing Internet infrastructure – seamlessly moving all kinds of data among the devices and a variety of storage platforms.

For example, devices can range from heart monitoring implants, biochip transponders on farm animals and automobiles with built-in sensors to field operation devices that assist firefighters in search and rescue. If you have a “connected home,” you’re already experiencing the IoT.

According to Gartner Research, there will be nearly 26 billion devices on the Internet of Things by 2020.  Another firm, ABI Research, estimates that more than 30 billion devices will be wirelessly connected.  Depending on population growth over that same period, on average, that’s about four devices for every person – but you can’t make that simple assumption.  There will be a concentration of devices by geography and population based on social and financial parameters.

The biggest area of concern for IoT pundits, and for companies expected to play a large part in bringing this phenomenon to life, is security. An executive from Intel recently said the Internet of Things needs its own security model in order to fully protect user data, and to allow that data to be shared in a secure, personalized way. This is a huge stumbling block for companies making large investments in developing products and services for broad acceptance and use by consumers and businesses.

This is just the tip of the security iceberg.  Think about how this impacts the average person.  How many passwords do most people have for all their accounts, apps, services, etc.?  Personally, I have so many I’ve resorted to a “password keeper” app on my smartphone.  So how does someone securely manage all of their personal, financial, health and other data that is supposed to traverse the IoT?

How do you solve the Rubik’s Cube of password security?

Secure biometrics can be the solution to remembering the dozens of passwords required today to conduct our daily lives.  As fingerprint sensors are embedded into more mobile devices and fixed ID modules, the ability to use one, or several fingers, to securely identify oneself and access information is a convenient alternative to traditional passwords or PINs.

Just as IoT security is still being researched and developed, mobile biometric solutions are also evolving as we speak.   While users of the latest Apple and Samsung mobile devices enjoy the ability to use a finger to conveniently unlock the phone, the level of security is woefully inadequate to handle the kind of personal data transmitted and delivered over the IoT.  Both companies’ fingerprint-authentication features were spoofed, or hacked, within two days of being introduced.

But solutions are on the way and becoming more available on a daily basis. The FIDO Alliance, an organization NexID has recently joined, is an industry consortium revolutionizing online authentication with standards for strong authentication. And speaking for NexID, we are continually working to deliver higher accuracy “fake finger detection” technology, often referred to as “liveness detection,” onto smaller and mobile platforms. To that end, look for us to introduce new solutions for “embedded” and mobile fingerprint sensors in the coming weeks.

Liveness detection adds a required level of security that helps to ensure that authentication on a device is valid, eliminating many of the security hurdles faced by the IoT at the starting point of the interaction. Authorization for a mobile payment or healthcare application, and the information interchange over the IoT, starts and ends with the user, so placing the first level of encryption at that point helps to ensure privacy and security of the data.

When the IoT becomes easy, understandable, affordable and most of all, secure, this next stage of technology will impact our lives as much as mobility has in the past ten years.