Cybersecurity and the Internet of Things – David Orme asks if it is time for biometrics?
The Internet of Things (IoT) is growing at a rapid pace, with connected devices and white goods entering our domestic and working environments faster than ever before. Now, thanks to the advent of Wi-Fi, what we once deemed to be white goods are increasingly becoming connected and ‘smart’. It’s now possible to order a pizza, replenish the fridge and download a film to watch, all within ten minutes and without leaving the comfort of your armchair using IoT technology – what bliss!
IoT is, undoubtedly, making life much more straightforward. Gone is the need to trawl shops, to battle for that last space in the supermarket car park or struggle through the high street with bags full of shopping. IoT lets us delegate important every day, but mundane, tasks to connected goods, leaving us free to focus on the more complex and fun things in life. If your fridge can order the milk for you automatically (and if it doesn’t already, chances are you will in due course own a fridge that can), that’s one less thing to think about on the way home from work in a busy modern life. Yet like most good news, IoT comes with a few caveats. Chief among these is the issue of cybersecurity.
Who’s charging to your account?
For a connected device to take actions on your behalf, be that a payment when your intelligent fridge re-orders the milk, or a smart TV granting or refusing permission for a child to download or view particular media, there has to be a process of authentication. In other words, the device or provider has to be sure that the right person is making the request, just as they do when you use a payment card conventionally. Your connected fridge has to be sure that it’s you who just ordered champagne and caviar, and asked for the charge to be placed on your account/card, rather than it being your teenager, or the cleaner, or someone who’s hacked into your fridge and made fraudulent transactions. Let’s also not forget that your manufacturer or service provider has to make sure that it is a real fridge and that it belongs to you, so that it knows it is talking to the right appliance. After all, manufacturers need to be able to authenticate that it is the right fridge receiving requests from the right person, as well as authenticating the payment.
As a society, we are used to authenticating our transactions, it happens daily. Usually the process involves a PIN or a password — when we use our card in store or check our bank balance, for instance. The problem is, we know that these methods of authentication are no longer fit for purpose. For example, it may be easy for criminals to guess or uncover a PIN correctly, while passwords are also often compromised.
Indeed, the constantly-repeated advice that passwords must be unique, complex, but never recorded, provides a perfect example of why this authentication method has had its day. If forecasts are correct, there will be more than 20 billion devices connected to the IoT by 2020 and a good proportion will be directly connected to payments. Providing cyber criminals with up to 20 billion more opportunities, particularly if those devices rely on outdated authentication protocols.
The answer’s at your fingertips
To secure the things that we treasure, a higher level of authentication is required, one that is entirely personal to us and impossible to replicate. Biometrics are the answer for the burgeoning IoT. Manufacturers of smart goods must look to include fingerprint sensors into connected devices themselves, so that authentication can take place on site, without information being sent into cyberspace. Locally stored biometric data for authentication is virtually impossible for criminals to hack or intercept, and impossible for anybody to replicate in person. The only person who can authenticate an action, permission or transaction, where biometrics are involved is the person whose fingerprint is held as a record on the device.
Biometric authentication will end the concerns people currently have about the implications of devices being lost or stolen, and even sold on. Using biometrics to authenticate gives users a truly personalised and secure IoT experience.
After all, if the time comes for somebody to order several magnums of champagne and kilos of caviar from a smart fridge in your home, don’t you want to be absolutely sure that person is you?
David Orme is SVP of IDEX Biometric. IDEX Biometrics, also known as IDEX ASA, is the leading provider of fingerprint identification technologies offering simple, secure and personal authentication for all. It helps people make payments, prove their identity, gain access to information, unlock devices or gain admittance to buildings with the touch of a finger.