Fitting Into IoT Security with a New Open-Source Encryption Standard – IoT For All

If today's IoT devices have an Achilles heel, it's that they're prone to security lapses and often catastrophic data leaks. Part of that has to do with the breakneck speed at which the IoT industry developed and continues to churn out new devices. That speed made it impossible for the industry to coalesce around any agreed-upon security standards.

And as a result, today's IoT implementations force users to find their own security solutions to stay safe. But for IoT to reach its true potential, those fundamental security issues will require an industry-wide solution and soon.

So far, most efforts toward that end have seen manufacturers employing a mixture of legacy technologies like VPNs and SSL encryption to protect data going to and from their devices. But those technologies are of a different time and weren't built to accommodate the unique use cases involved in IoT networking.

For example, it's common for IoT devices to communicate in a one-to-many or many-to-one configuration, which most existing encryption schemes don't support without requiring significant hardware resources. And those shortcomings make it clear that new, custom-built encryption technology is a core component of what's really needed to protect IoT devices now and in the future.

Preferably, that technology would be open-sourced so every IoT manufacturer could adopt it. And at this year's Real World Crypto conference in New York, that's exactly what Swiss cryptography company Teserakt announced they were working on. Here's a look at their announcement and how it fits into the broader security situation in the world of IoT.

The product that Teserakt unveiled is called E4, and it's an all-in-one encryption implant that manufacturers can include in their IoT devices and server backends. At the event, Teserakt's CEO Jean-Philippe Aumasson likened their approach to the end-to-end encryption used in major messaging platforms like WhatsApp and Signal. He indicated that the decision to make their solution open source was intended to encourage industry-wide adoption and foster consumer trust through code transparency.

And crucially, the company also indicated that they're building their system in consultation with technology companies in the aerospace, automotive, energy, healthcare, and agriculture industries. The idea behind that is to consider the many use cases that an IoT encryption system would have to accommodate. And by covering all of the major industries that might one day employ the technology, Teserakt hopes to create a universal solution that can protect many data streams.

The E4 system, for all its utility, won't be a complete IoT security solution, however. Security researchers have already pointed out that it will only protect devices from man-in-the-middle attacks and other similar exploits. It doesn't do anything to improve the devices' security or that of the servers they communicate with.

Those problems would remain even if the IoT industry achieved universal end-to-end encryption adoption using E4 or similar technology. But creating a single wide-use IoT encryption solution would protect against many of the mistakes IoT vendors make today. For example, a recently announced flaw in multiple vendors' implementations of the open platform communication (OPC) network protocol, and issues like it, would be rendered moot by end-to-end encryption.

It's also important to note that the E4 solution is still not ready for production environments. For that reason, Teserakt still hasn't released the fully open-source server code for it. However, they have indicated that a release will be forthcoming when they've completed the documentation for the software.

But even when they do release the code, experts and industry stakeholders are quite likely to spend months if not years going over it with a fine-tooth comb before committing to use it. And that's yet another hurdle that has prevented previous IoT security solutions from ever making it into wide use. Major vendors may instead opt to create their own proprietary solutions in the intervening months. And history has shown that they'll be loath to make changes once that happens.

The good news here is that Teserakt's E4 IoT encryption solution is a step in the right direction for the industry, even if it's an incomplete one. In the end, some security standards will have to materialize for the IoT industry to fulfill its lofty promise, and it's good to know that available options are coming online. That will make the jobs of device manufacturers and IoT software developers a little easier in the coming years. But for now, all anyone can do is keep an eye on Teserakt's GitHub page to watch as E4's development unfolds. With some luck, it will catch the attention of enough stakeholders in the IoT industry to start making its way into their near-term plans. And if it does, that will go a long way towards making the future of IoT a little more secure. And that's something.
