Three Approaches to IoT Security: Part Two

There is no single path to securing mobile devices and networks. This article, the second in our three-part series, focuses on how one startup company is leveraging blockchain technology and a type of cryptography called telehash.
By Mary Catherine O'Connor
Aug 05, 2015

(Read Part One.) (Read Part Three.)

When it comes to security, the IoT is already broken. That's what Paul Brody has spiritedly argued since he led IBM's mobile and Internet of Things services business (he moved to Ernst & Young, where he serves as the company's technology sector strategy leader for the Americas, in April 2015). By following a centralized, cloud-based approach to networking IoT devices, Brody told a conference last year, "we've created the most delicious pot of data that any hacker could possibly want."

A report titled Device Democracy: Saving the Future of the Internet of Things, released late last year by the IBM Institute for Business Value, argued:

Filament's Eric Jennings'
"In a network of the scale of the IoT, trust can be very hard to engineer and expensive, if not impossible, to guarantee. For widespread adoption of the ever-expanding IoT, however, privacy and anonymity must be integrated into its design by giving users control of their own privacy.

"Current security models based on closed source approaches (often described as 'security through obscurity') are obsolete and must be replaced by a newer approach—security through transparency. For this, a shift to open source is required. And while open source systems may still be vulnerable to accidents and exploitable weaknesses, they are less susceptible to government and other targeted intrusion, for which home automation, connected cars and the plethora of other connected devices present plenty of opportunities."

Brody advocates using blockchain technology as an IoT building block. The digital currency system bitcoin employs a cryptographic blockchain to handle financial transactions using a public ledger. But blockchain can be used to perform a range of other types of transactions in a decentralized manner. One can utilize it to process agreements, create and exchange tokens or authorizations, or simply send tweets.

In January, IBM and Samsung demonstrated the Autonomous Decentralized Peer-to-Peer Telemetry (ADEPT) project, a proof-of-concept decentralized IoT architecture.

Just as bitcoin operates without a bank, IoT devices could operate without a centralized cloud server, using the blockchain as a digital ledger that enables transaction processing on any device rather than routing it through a central server.

JOIN THE CONVERSATION ON TWITTER
Loading
ASK THE EXPERTS
Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations
© Copyright 2016 RFID Journal LLC.
Powered By: Haycco