The Internet of Things (IoT) has an important role to play in the future of information security. It will extend the reach of the Internet into devices and systems not previously considered ‘at-risk’, but also deliver an additional integrated security layer. On top of all this, it will play a role in monitoring the vulnerability of advanced mechanisms that are in vogue.The IoT was traditionally thought of as industrial rather than consumer. With clear origins in manufacturing, due to its use of sensors to monitor machines early IoT provides centralisation, remote management and data-driven insights. However, now as it transforms into the Internet of Everything, it has the potential to redefine the way we control, drive, monitor, and secure machines and environments today, far beyond a manufacturing focus only.
When it comes to monetary transactions in particular, IoT provides data-driven insights and tracking that enable users to take precautionary actions to avoid untoward incidents. The old security measures – keys, signatures, passwords, PIN numbers – can no longer provide enough protection. With IoT, we now have sensors that enable us to lock and unlock things with biometric scans, track our heartbeat, footsteps and gait with wristbands, and pay for goods without handing over cash or cards.
In our private security domain, here are four things that are fading out amid the rise of IoT and its promise to make things smarter:
1) Credit cards
Using IoT, services such as ApplePay and now Android Pay, use digital transmission of a credit card authentication code rather than a physical card to complete a transaction. There is no actionable credit card information on the device and it is practically used only to link it to the bank account. Therefore, the need for physical credit cards is gone. However, what about online shopping with credit cards? Exactly the same applies, and we are already seeing this with the use of electronic intermediary services such as PayPal. If you can use it in the physical point of sale (PoS) experience, you can also use it in a purely online experience.
2) PINs and Passwords
Whether it is a complex alphanumeric password or a simple four-digit PIN – this method is simply not secure. Either you write them down or you use the same one across multiple sites, services and cards. To try and combat this risk, UK retail bank Halifax ran an online banking pilot that made use of a heartbeat. It used electronic wristbands that authenticated access and transactions using a customers’ recognised heartbeat.
The band, which looks like a watch, authenticates the wearer by identifying their unique electrocardiogram signal, when it is first placed on their wrist. Another set of sensors detect whether the person is still wearing the band, and shuts the device down if a detected electrocardiogram is not recognised. According to Halifax, the technology is superior to fingerprints or iris scans as the heartbeat naturally provides strong protection against intrusions and falsification.
The locks and keys to your house, your car and your machines can be replaced by IoT and be made more secure. IoT combined with mobile technology can enable you to lock and unlock your possessions by using the fingerprint sensor on your mobile phone, via Bluetooth authentication or even via simple proximity of a verified device. With IoT you can get a lock and a tracker module fitted in your bicycle for around £50.
4) Identity cards
Biometrics are already a popular method for identity verification. Most passports now include biometric data. However, biometrics can be remotely checked to verify the identity, making physical ID cards, passports and other identity documents ultimately redundant. There are drawbacks to this approach. If your password gets hacked, you can easily change it. If your fingerprint signature or your heartbeat pattern data is stolen, you cannot change it.
With these changes in our environment, both consumers and businesses will have to adapt and embrace the benefits of IoT. Consumer-oriented applications such as banking, retail and even healthcare are changing. Although it doesn’t stop there. Business applications such as assembly lines and shop-floor systems are too. Wherever identification and confirmation is needed, IoT will play a role and we need to be ready to embrace and change across culture, processes and security.
By Gordon Muehl, Vice President, Industrial Internet – Infosys