December 14, 2015
Put the right amount of trust in your things
I am currently planning to automate my home, or at least my summer cabin. It sounds great to be able to see how cold it is, and if it is freezing, to be able to turn on the heating so everything is cosy when we arrive. This is just the basic kind of function – the market has so much more to offer singulair generic. You can unlock the door if one of your friends wants to borrow your cabin, or turn the kettle on when you are nearly there. The possibilities are almost endless.
But there are a few things that scare me. I have read and seen reports about how automated appliances can be hacked. Like the “iKettle hack”, or the “Honey I’m home” presentation from Black Hat. Obviously you cannot put blind trust in these devices, so what can you do? The shameless plug for our technology is, of course, that every manufacturer should adopt public key cryptography to enable string key exchange, message authentication and encryption; as well as regularly issued and signed firmware updates. This may be realistic in some high-value industry applications, but not for my low price domestic appliances.
The second thing that both private individuals and enterprises should adopt is network segmentation. If I add connected appliances to my home, I will not connect them to my regular Wi-Fi which I use for work and personal matters. I will set up a separate network for them, for example a protected guest network that my home router can handle.
If you are using more advanced items such as electronic locks, you can double up your wireless lock with an old-fashioned wire alarm system. Even if your door is compromised, at least your alarm will go off.
Looking beyond the challenges with my summer cabin, quite a few industry analysts have pointed out the need to establish trust in IoT-related data. The potential impact of compromised IoT-related data is huge, to say the least. One recommendation of how to deal with the unique issues of IoT solutions is to consider expanding cyber security competencies, in order to avoid substantial cost increases in the future.
To further underpin this fact, a recent survey of organisations investing in IoT said that 49% viewed security and privacy concerns as the most significant inhibitor to IoT distribution.
I wish all of you a safe home and a “Happy PKI Holiday” with a quote from William Shakespeare. “Love all, trust a few, do wrong to none”.
Tomas Gustavsson, CEO PrimeKey Solutions
Meet us in San Francisco 29 Feb-4 Mar 2016 at the RSA Conference & Expo, Booth 633, in Moscone South. For more information about the event visit: www.rsaconference.com