IoT : an ongoing revolution
“The Internet of Things has the potential to change the world, just as the Internet did. Maybe even more so...”.
Whatever may be thought about this prophecy of Kevin Ashton, a cofounder of the Auto-ID Center at the Massachusetts Institute of Technology (MIT), IoT is already present in our daily life and has undoubtedly a promising future, with a magnitude of volumes close to those of chipcards and Secure Elements, issued in billion units since the 1990s. The first main application markets for IoT are likely to be automotive, for security and connectivity purposes, industry (Industry 4.0), health and smart cities. Payment systems are also serious candidates for IoT applications, mainly through wearables such as wristbands and watches connected to smartphones and bringing value to financial institutions and other stakeholders. To be successful, IoT requires fulfilling key criteria such as optimized device connectivity, data collection, device management, energy consumption and, probably the most important, security.
IoT and security
The IoT security requirements are nearly the same as for the classic electronic transactions, namely authentication, identification, encryption, signature. As more and more diverse objects are connected, key challenges are: objects addressing, message integrity, data protection and privacy, resistance to hacking and takeover. Every IoT player - networks operators, suppliers of connected devices, providers of services and applications - should feel concerned with security. There is here a fantastic opportunity for the smart security industry, which has a long experience in terms of secure chip-based devices management, to take-up the challenge and transpose to IoT its know-how in risk management and solutions already deployed in banking, telecom or digital ID areas. Players of this industry are able to measure and adapt the level of security to different types and depths of threats, and to provide suitable solutions, making use of different cryptographic protocols among other things…
Unlike smartphones, which are operated by a human able to watch and respond if something goes wrong and provide authentication when needed, many of these new connected devices are unattended. They also have limited inherent security capabilities. The threat also increases with the life span of the devices (the longer they are in use, the more vulnerable they may become). The scale of the IoT is also tremendous, making these huge numbers of devices ideal targets for Denial of Service attacks, for example. Finally, devices are currently extremely diverse, making it harder to tackle security threats.
The GSMA has developed IoT security guidelines to promote best practice for the secure design, development and deployment of IoT services. A proven and robust approach is promoted to address typical cybersecurity and data privacy issues associated with IoT services. This will help creating trusted and reliable services that can scale as the market grows.