Embrace biometrics to stay ahead of advanced cyber threats

Stricter authentication system can keep Internet of Things more secure

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

HYPR_George AvetisovThe Inter­net of Things (IoT) will have bil­lions of inter­con­nect­ed end­points, rep­re­sent­ing bil­lions of allur­ing hack­er targets.

Orga­ni­za­tions strug­gle with user authen­ti­ca­tion, and the emer­gence of the IoT will require a new authen­ti­ca­tion mod­el. Pass­words, even when backed by a mul­ti­step authen­ti­ca­tion process, have short­com­ings that won’t work for the IoT. We expect instan­ta­neous, seam­less access to our data, and we will want con­nect­ed devices to offer faster, safer access.

Two-fac­tor authen­ti­ca­tion, which com­bines a pass­word with a sec­ond lay­er of pro­tec­tion, has increased as secu­ri­ty breach­es become com­mon and sophis­ti­cat­ed. These meth­ods are ben­e­fi­cial, but they won’t pro­tect or ease IoT use.

George Avetisov, HYPR Corp. CEO and co-founder
George Aveti­sov, HYPR Corp. CEO and co-founder

Mak­ing the pass­word process more com­plex hasn’t worked because most peo­ple still use sim­ple pass­words. Enter­ing com­plex pass­words is oner­ous, par­tic­u­lar­ly on mobile devices—the pri­ma­ry IoT driver.

Two-fac­tor hard­ware sys­tems aren’t the answer, either. To prop­er­ly use such a sys­tem for authen­ti­ca­tion, a user must pro­vide a pass­word, then either plug a hard­ware token into a com­put­er, or input a code that appears on the token’s dis­play. New­er near-field com­mu­ni­ca­tion (NFC) tokens offer improved usabil­i­ty, but must be car­ried like a key chain and near the “thing” being authen­ti­cat­ed. This slows authen­ti­ca­tion and requires users to man­age a sep­a­rate device.

More: Secu­ri­ty must be part of device design as Inter­net of Things evolves

Soft­ware-based two-fac­tor (2FA) solu­tions also fall short. Dozens of soft 2FA ver­sions are avail­able, and although most are built on sim­i­lar open-source spec­i­fi­ca­tions, they don’t present an inter­op­er­a­ble or uni­fied pro­to­col. Such frag­men­ta­tion across the IoT could be a huge obstacle.

Internet of Things 10How­ev­er, bio­met­ric authen­ti­ca­tion is a log­i­cal way to prove your identity—a pass­word can be repli­cat­ed, but a fin­ger­print can’t.

Sev­er­al mobile devices and com­put­ers already con­tain embed­ded bio­met­ric sensors.

They also include a Trust­ed Plat­form Mod­ule, or Trust­ed Exe­cu­tion Envi­ron­ment, which han­dles the val­i­da­tion of bio­met­ric infor­ma­tion sep­a­rate­ly from the device’s core oper­at­ing sys­tem. This is an impor­tant dis­tinc­tion, as those sys­tems are sus­cep­ti­ble to mal­ware. Devices with bio­met­ric sen­sors will alter the way users authen­ti­cate them­selves, even for phys­i­cal access, via smart locks.

When it comes to secur­ing intel­lec­tu­al prop­er­ty and mis­sion-crit­i­cal appli­ca­tions, com­pa­nies and gov­ern­ment agen­cies can’t take chances. Bio­met­rics offer a supe­ri­or method of authen­ti­ca­tion. Com­pa­nies have the oppor­tu­ni­ty to embrace bio­met­rics now so they can stay ahead of advanced secu­ri­ty threats.

George Aveti­sov can be reached at george@hypr.com.  His company’s web­site is Hypr.com.

More on the Inter­net of Things:
Samsung’s SmartTV fore­shad­ows Inter­net of Things eavesdropping
Health­care data at risk: Inter­net of Things facil­i­tates health­care data breaches
Impen­e­tra­ble’ encryp­tion arrives to lock down Inter­net of Things