In a connected world, we need to think about security in new ways. There are a lot of IoT devices out there sensing... reading... waiting... Cryptography is very similar to IoT! In the IoT landscape, we're starting to hear about Root of Trust, Data-in-Motion Encryption and Data-at-Rest Encryption.
Sensing vs Acting - acting has more requirements for encryption and authentication. Cryptography is Identity, Authentication and Authorization. There aren't users, logins, passwords... these are small devices that have little or no human interaction. Crypto has to be that user, per se.
It's all about the root of trust. When a device goes from the factory to someone's living room, the consumer needs to know it hasn't been tampered with. But crypto can also be used to establish sessions, exchange information and data securely, etc.
When we talk about IoT, there is a lot of data in motion. Hard drive encryption and radio encryption both use symmetric keys - this is something we should understand how to do. Protection needs to be balanced with other requirements, such as bandwidth and battery consumption.
We need to protect data at rest, but we also need to allow access. Think about a mechanic trying to access data from the CAN bus.
We can look at turning our challenges into opportunities. Can we align disparate technologies? Could we orchestrate utilization and product strategy? What if we could do device attestation at scale? And make the orchestration of root of trust widely available?
The next trend is how cryptography can orchestrate control and management. We need to rely on standards and interoperability, automating and simplifying.
We need a way to do key distribution and association for narrowband IoT sensors, communications infrastructure and device management.
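To make the bandwidth trade-off for symmetric-key data in motion and the key association problem concrete, here is an added example (not from the talk): a backend derives each sensor's key from one root key, and the sensor authenticates a reading with a truncated HMAC tag and a replay counter. The frame layout, the 8-byte tag length, the derivation label and all sample values are assumptions; the sketch authenticates but does not encrypt.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # assumption: HMAC-SHA256 tag truncated to 8 bytes to save airtime
ROOT_KEY = bytes(range(32))   # constructed sample key, never a real secret
DEVICE_ID = b"sensor-0001"    # constructed sample identifier

def derive_device_key(root_key: bytes, device_id: bytes) -> bytes:
    """Per-device key; the backend re-derives it instead of storing one per sensor."""
    return hmac.new(root_key, b"device-key|" + device_id, hashlib.sha256).digest()

def seal(device_key: bytes, counter: int, reading: bytes) -> bytes:
    """Device side: frame = counter (4 bytes) || reading || truncated tag."""
    header = struct.pack(">I", counter)
    tag = hmac.new(device_key, header + reading, hashlib.sha256).digest()
    return header + reading + tag[:TAG_LEN]

def open_frame(root_key, device_id, frame, last_counter):
    """Backend side: return (counter, reading), or None if forged or replayed."""
    if len(frame) < 4 + TAG_LEN:
        return None
    header, reading, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
    key = derive_device_key(root_key, device_id)
    expected = hmac.new(key, header + reading, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    (counter,) = struct.unpack(">I", header)
    if counter <= last_counter:
        return None  # replayed or stale frame
    return counter, reading

def overhead_bytes(reading: bytes) -> int:
    """Bytes added on the air by the counter and tag for one reading."""
    return len(seal(derive_device_key(ROOT_KEY, DEVICE_ID), 1, reading)) - len(reading)

if __name__ == "__main__":
    reading = struct.pack(">h", 215)  # constructed: 21.5 C in tenths of a degree
    frame = seal(derive_device_key(ROOT_KEY, DEVICE_ID), 1, reading)
    print(len(frame), overhead_bytes(reading), open_frame(ROOT_KEY, DEVICE_ID, frame, 0))
```

For a 2-byte reading the protection costs 12 extra bytes per frame, which is the kind of overhead that has to be weighed against airtime and battery on a narrowband link.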
We already have the fundamentals and knowledge - need to apply to IoT in a way that makes sense.