Securing the future of IoT devices

Last updated: 14 January 2021

This blog was written in collaboration with Jean-Paul Truong.

Living in a more connected world leads to more risk of hacking and cyber-attacks. The worldwide number of IoT-connected devices is projected to increase to 43 billion by 2023, an almost threefold increase from 2018, demonstrating the pace at which the world is becoming more connected. However, this means that hackers have even more targets to attack, requiring us to become smarter in how we protect and share our data.   

The importance of having robust data security and authentication processes has never been higher. Thankfully, there are a variety of government initiatives seeking to help secure the digital world for the benefit of citizens and businesses around the world, including the Secredas and ITEA Parfait Projects 

These two projects are prime examples of how governments and organisations are collaborating to protect citizens, businesses and government institutions from criminal groups stealing their private data. And, with the number of IoT devices growing exponentially, these projects are imperative to protecting the digital world as we know it.  

The Secredas Project: Advancing technologies for connected and automated vehicles 

While fully automated vehicles may seem a futuristic fantasy, there are many examples of this technology currently operating in the world todayHowever, one in four potential buyers/users of autonomous vehicles in Europe don’t trust them to be secure and are therefore reluctant to buy one. Moreover, like other connected devices, automated vehicles bring their own unique risks of being hacked by criminal groups to steal customer data or to use them for criminal activities.  

In response, the Secredas Project, part of Horizon 2020has been developed as a consortium of 70 partners focused on the advancement of cybersecurity and safe technology for connected and automated vehicles. Among different topics covered that propose significant and innovative solutions for Safety, Security and Privacy, one of them is to ensure secure authentication and build trust amongst potential drivers. The project and its contributors are aiming to work with ride-share service providers to create a software architecture which will enable consumers to access their automated vehicle with driver identity details stored on their mobile device. Using this method of authentication, the hope is to eliminate the complex verification process when identifying drivers while creating an easily accessible service which utilises a high level of security to protect user data.   

With Secredas’ platform, the data kept by the autonomous vehicle would be protected by cryptographic mechanismsSo, if your car was accessed without authorisation, the data would be unavailable to the unwanted user. And, if a user’s mobile device was stolen, the service provider applications within Secredas’ architecture would not store sensitive personal information such as payment details and user addresses. Instead, these applications would only store anonymised data, such as the users driving ability, which would be of limited use to a hacker 

The ITEA Parfait Project: Protecting personal data when using connected devices. 

Similar to Secredas, ITEA Parfait is a project that aims to develop a common platform to protect personal data and provide secure authentication processes for users when using connected devices. This project seeks to address two core challenges associated with the IoT: the complexity involved with interoperability and ensuring high level protection of user data 

What is distinct about the project is that it seeks to incorporate FIDO authentication technology as the standard of protection of user datathis allowing wide adoption, ease of use and security against attacks. 

In a real-world example, Parfait envisions citizens logging into a hotel website and booking their stay using a FIDO authentication token. When they arrive at the hotel, guests will once again use FIDO two-factor authentication to check in and identify themselves. Finally, users would be able to use their FIDO token on their smartphone to unlock their room and access hotel facilities, all these actions embodying the concept of truly portable authentication.  

By using this FIDO-integrated software architecture, users will be able to access a variety of services across different industries with just one FIDO token, removing the need for unnecessary passwords and applications that often complicate the authentication process. In terms of data protection, the integration of FIDO into this architecture means that all personal data stored on the tokens is anonymised, meaning that service providers cannot access users’ personal information. In addition, Thales FIDO token integrates all the highest ultra-security features to resist against fraudulent attacks. 

Parfait’s interoperability architecture would not only enable secure user authentication with different networks but would also allow secure authentication between IoT devices. With modern homes becoming smarter through the introduction of smart appliances, such as smart meters or home hubs, the standard of security needed to integrate these devices safely is paramount. At an individual device level, devices like smart meters are secured using Public Key Infrastructure (PKI). But once smart devices are added to a network, the points of entry into that network increase as well, requiring security methodology – like Parfait – that is designed for scale.  

This project is looking to enable the pairing of smart appliances into home networks via FIDO authentication to ensure that all connected devices are secure when incorporated into smart home systems. With this innovation, users will be able to use voice recognition technology to control various smart appliances in their homeswhether telling their smart thermostat to increase a room’s temperature or asking the home hub to play your favourite music. 

While these are only two of multiple initiatives that are currently seeking to provide enhanced data protection and authentication processes, their impact will be immeasurable as we head further into a connected future. 

Interested and want to learn more? Leave a comment below or tweet us @ThalesDigiSec if you have any questions. 

Leave a Reply

Your email address will not be published. Required fields are marked *