Preparing for the Internet of Things: Integrating Strong Authentication in Daily Life

Monday, November 04, 2013

Jochem Binst

631e72bff10f695d4be8dec9d08d7534

In our interconnected world, day-to-day objects have become smart objects that gather data en interact with one another generating an enormous amount of (mostly anonymous) data. Once we start to personalize the gathered data we move from an anonymous to a personalized and identifiable Internet of Things. The challenge here is to keep seeing the forest through the trees. It may sound complicated but a lot of people are already familiar with the Internet of Things without even realizing it. Let’s think, for example, about the growing popularity of running applications that track workouts. By using a smart phone application, people can keep track of their training progress. When they go running, an app on their phone gathers information about their tempo, track or distance. All of this data is made available online and is stored for future reference. It makes it possible for people to e.g. see the progress they have been making based on previously stored data.

Keeping up with technology

The potential benefits for lifestyle and business are huge. As this kind of technology starts to become part of our daily life, its opportunities bring along responsibilities too. The Internet of Things will not only facilitate life, it will also face security challenges we have never seen before. On one hand, it will create the possibility to manage our lives over the Internet using online applications as a tool. On the other hand, all these ‘smart’ objects will gather and share data over online networks, transferring information from one object, place and/or person to another. Today for example couriers provide perishable packages with contents, like medicine, with sensors and/or RFID tags attached to track them and follow up on their dispatch process. The environmental data gathered by the sensors and/or tags is sent to a server to follow up on the package’s journey and overall state: where the package is, if the temperature is right, if it has been exposed to light… This data is then made accessible through an online platform and/or application.

When we look at the online world today, we see that hackers are intruding more and more into people’s personal life. Social network accounts are hacked on a regular basis, just as e-mails, bank accounts, online gaming accounts, and other accounts are.  Recently, hackers at the Black Hat security Conference set up a test to hack Samsung smart TV’s and with success. They could access the files on the TV and even use the embedded camera to look into people’s houses… The list of hackable objects we use on a daily basis keeps expanding. These days, the possibilities for hackers are already extensive, but imagine what a hacker would be able to do in a world in which all objects are linked to each other by the Internet. Consumers and application owners have to be aware of the fact that in order to be ready for the Internet of Things, they have to start preparing today by adopting higher security standards and integrating them in their daily life. If the world today already shows us that we need stronger online security, imagine the world in 2 to 5 years. The importance of security keeping up with the pace of the technologies cannot be underestimated.

As the Internet of Things penetrates the present, online applications to access and control these ‘smart’ objects grow and online security becomes an even more important part of our day-to-day life. Consumers are in need of a framework that makes it possible to manage their own personal data stream and the virtual presence that comes along with it. The challenge is to create a secure way to handle all the applications that are created to control these objects connected to the Internet. They should be secured, not only with username and static password, but with strong two-factor authentication to eliminate risks of these data being compromised.

This expanding online world will create a lot of opportunities for application developers to offer different accounts to the consumer market and give them the tools to manage their lives in the cloud. An example of the opportunities of the Internet of Things: food products can have some kind of chip attached that carries information on the product and makes it possible to for example track them and read their final expiration date. People will be able to shop from a distance. The fridge will be able to communicate through an application that can tell us which products are left, which ones will need to be replaced and which would come in handy to prepare a certain recipe. By using an online application, people will only be a few clicks away from ordering additional ingredients, delivered by the time they get home from work. This may sound very convenient, but what about security?

Growing security challenges

To keep up with these upcoming technologies, consumers and application owners should start adopting strong authentication today. Application owners should protect their customers by providing them with a secure option to secure their accounts. Consumers have to start realizing that the static passwords that we use today do not cover the security needs anymore. Recent hacks have shown that nowadays cyber criminals already take advantage of the fact that most accounts are protected by weak static passwords. Imagine the possible complications when the Internet of Things reaches its top. What if someone hacks into someone else’s fridge and orders 50 cartons of milk? You might think that would not be a huge problem…but what if your entire home was linked to the Internet somehow and hackers could switch off the security system by hacking into an application? As the Internet of Things evolves and the applications and their contents become more important, the consequences could be huge. 

These days, most consumers find it difficult to manage their digital life. They have already created several accounts on all kinds of websites using different credentials. It has become quite a hassle to remember all these username and password combinations and the number of applications we use is growing every day. A lot of people have seemingly solved this problem by using the same username and password combinations over and over again. Unfortunately, this makes the accounts even more vulnerable. Putting aside that static passwords provide a weak level of security, using the same static password over and over again lowers the security level even more. It makes it possible for hackers to break into one’s account, steal the credentials and use them to enter all kinds of accounts this person has created. 

Implementing strong authentication is a necessity

People have to let go of static passwords and realize they do not offer enough security anymore. There are other options, such as strong authentication, that are way more secure and even more user-friendly. People have always felt the need to create a secure environment in day-to-day life. It is time to create a safe online world too. It offers a simple, convenient and safe alternative for static passwords to protect online applications like e-mails, e-commerce accounts, social networks... and any online application that will be invented next. Instead of using the same weak password over and over again, strong authentication uses a one-time password (OTP) that can grant you access to your accounts, so there is no need to remember static passwords anymore. This OTP can be generated in an easy way using a mobile application or a hardware authenticator. When an OTP is intercepted by a hacker, he will not be able to use it, as they are only valid for a limited period of time and can only be used once. Both application providers and consumers will benefit from the adoption of one-time passwords.

A lot of people are not aware that these kinds of solutions are already available today. Online authentication platforms can manage digital life in a convenient and most of all secure way, for both application owners and consumers. These kind of platforms make it possible for application owners to integrate strong authentication on their website or online application, terminating all static password vulnerabilities. As most of these services are offered in the cloud application providers do not need to invest in expensive infrastructure or worry about password management anymore. Application owners will not have to doubt about the end users adopting and using strong authentication either. The platforms are extremely user-friendly and offer end users different software or hardware solutions or even mobile apps to authenticate themselves on a daily basis. End users can easily download an application on their mobile device to generate a dynamic password. Using this one-time password, they have secure access to their favorite applications. No more need to remember passwords and/or user credentials. This way, security does not become the burden it is sometimes perceived to be, but a convenient tool to keep online data safe from villains.

The implementation of this kind of security in daily life requires the commitment of both application owners and end users. It is a joint effort that creates a balance between security and day-to-day convenience. The online world as we know it today is not the same as the one we got to know in the beginning of the Internet era and certainly not the one that is emerging today! People worldwide are starting to realize this. All they have to do now is act on it. Strong authentication to secure the online world will be embraced since it becomes a necessity; using strong authentication is the next step.

About the AuthorJochem Binst heads VASCO’s worldwide Corporate Communications Department and is responsible for Financial and Corporate Communications, Product PR, Public Affairs, Internal Communications and European IR. Jochem Binst joined VASCO Data Security in 2001. 

Possibly Related Articles:
13596
Enterprise Security Security Awareness
Software
Passwords Security mobile VASCO Strong Authentication Internet of Things
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.