Ensuring the Security of IoT
As Internet of Things (IoT) and Artificial Intelligence (AI) based systems and solutions become ever-more digitised and more technologically advanced, they’re adopted and deployed across more and more sectors of our economy and society. They’re transforming the way our industries develop and deliver new products and services, changing the way we live, work and learn, and they’re becoming an increasingly vital part of our efforts to build a more sustainable future.
But that transformation needs to happen in a way that still ensures that change and progress don’t happen at the expense of security and privacy. Just as we adopt IoT and AI into more of our lives, it’s increasingly vital that we research and develop new ways and technologies to manage security and privacy, and ensure they integrate seamlessly into a range of contexts and applications.
With that important aim in mind, we were proud to join ARCADIAN-IoT – a European Commission funded project - and work with cybersecurity experts from the industry and academia and with IoT solution providers to create new and innovative ways to deliver security and privacy in IoT systems.
We turned to our Head of R&D, João Casal, to answer some of the top questions about this important IoT initiative and our part in making it a reality…
|Why is security so important for IoT?
The benefits of IoT solutions are attracting many areas of business and of society, from home automation and transportation to agriculture, energy management, medical care, surveillance and many others. Having connected devices means that data – often sensitive, private or valuable – is circulating from devices to the internet or stored on devices but accessible via the internet. It also means that devices can be controlled remotely, again, via the internet. A huge amount of data is generated by IoT networks and IoT communication processes, so keeping it all secure is crucial if these solutions are to succeed and if we are to unleash the full potential of IoT.
|Why is IoT security becoming an increasingly prominent issue now?
In 2021 there were over 11 billion connected IoT devices – a number that’s expected to grow to over 29 billion in 2030. Simultaneously, cybersecurity threats are becoming more and more complex and sophisticated, which creates the need for increasingly robust security frameworks for IoT devices and networks. I believe that any IoT solutions that are found to be unsecure simply won’t be able to succeed in the competitive digital arena.
|What’s the difference between security, trust and privacy management in IoT?
IoT security relates to the processes that keep IoT systems (data, devices, networks) protected from threats and breaches such as unauthorized access, and to the processes that identify and mitigate risks and vulnerabilities. Being directly related to security, we can see trust as the level of confidence that an entity (a person, device or service) has in another entity. In other words, confidence that that other entity hasn’t been compromised or that it isn’t vulnerable to threats. Privacy management can be understood as the set of processes that control and protect individuals’ data rights.
|Why is Truphone doing this? What made you want to get involved?
Here at Truphone, we believe that IoT connectivity and IoT security should be two sides of the same coin. We’re a global connectivity provider for IoT, so coupling our renowned connectivity services with security services (like secure IoT authentication, network-based authorization, or secure data communication) adds some relevant extra value for our IoT customers, helping them to ensure secure connected solutions by design.
Also, as eSIM technology leaders, using the secure element of eSIM as the root of trust for IoT security is another way of continuing to be a leading innovator in our market, creating solutions that are relevant for our customers both now and in the future.
|How far along in the process are you and do you have any proposals yet?
So far, part of our work has been focusing on using GSMA IoT SAFE to enable eSIM to provide new solutions to IoT security challenges, like the hardened encryption of data, or attestation of data provenance. We have also a new zero-touch authentication mechanism for IoT devices in Cloud services that will prove to be a game-changer because it’s a lightweight, secure and very scalable solution. This authentication service makes the most of proven authentication standards from cellular networks, and we’re working to integrate it into brand new multi-factor authentication schemes that combine our technology with other factors of authentication, like Verifiable Credentials, Decentralized Identifiers or Biometrics.
These technologies are already being integrated and demonstrated in IoT solutions like Medical Monitoring and Care or Surveillance with Drones in Smart Cities, and these are all solutions that obviously rely on the global connectivity and eSIM technology that Truphone provides.