It’s not a surprise that the Internet of things isn’t exactly the most secure. In fact, there are daily stories about breaches and hacks due to flaws in the technology, issues with settings, and unencrypted data being transmitted. It’s just incredibly difficult to fully encrypt IoT data.
While it’ll never be possible to fully lock down all IoT devices and communication, one company, Teserakt, is trying to at least encrypt IoT data for more secure transmissions. It might seem like a small step, but it’s a start towards securing a growing industry.
IoT Creates Data for the Taking
Would you send your personal banking details over an unsecured connection online? No. You already know that’s a terrible idea. But, do you know how secure your smart speaker’s data is? Probably not.
It’s something most people take for granted. The convenience of IoT devices makes it easy to forget about the flaws. While talking to Alexa or Google Assistant might not seem like a big security breach, imagine a major financial firm using unencrypted IoT devices to transmit your financial data. Now, there’s a major problem.
The Internet generates 2.5 quintillion bytes of data daily, and that includes connected devices. Securing this much data is a challenge. By the end of 2020, Gartner predicts there will be 33 billion connected devices, but Cisco estimates at least 50 billion. That’s even more data and devices to secure.
Teserakt’s Encryption Solution
While Teserakt isn’t going to protect data that’s exposed simply because someone chose the wrong security setting, the company is looking into using open-source technology to encrypt data as it’s transmitted. This isn’t exactly new, especially since some popular messaging apps already use end-to-end encryption.
The Swiss cryptography firm recently introduced E4 at New York’s Real World Crypto conference. E4 is a key management and end-to-end encryption protocol using open-source technology. It’s designed for major IoT deployments.
Teserakt’s main product, E4, is made to integrate into manufacturers’ servers to provide end-to-end encryption and easily scales to millions of devices. By automating key management, it’s easy to adjust keys based on different types of data.
While there are similar solutions available, it’s the easiest to integrate. It works on all platforms and requires far less bandwidth and resources. It also offers full end-to-end encryption, which helps companies better meet data security compliance
Current Encryption Standards
Before anyone panics, most IoT devices provide some level of encryption. However, it’s usually not a consistent encryption, as data travels from a device to the developer’s servers. At some point, data is left exposed. This is simply because it’s becoming increasingly difficult to offer full encryption without reducing the speed and effectiveness of the device itself.
Teserakt is offering a more lightweight solution to encrypt IoT data. Instead of needing to be added to every device individually, it’s integrated at a server level.
Now, developers and manufacturers are able to remotely encrypt data connections to millions of devices at a time. This makes it easier on individuals and companies. Ease of use is always a great selling point, making it more likely that those making or relying on IoT devices will consider using E4.
Benefits of Open Source
One notable difference between Teserakt’s E4 and many other similar solutions is the company is using open-source software. By having a more open software model, it’s much easier for developers to check the code regularly for any flaws and vulnerabilities.
This is the same reason Linux-based operating systems tend to be more secure than Windows and Mac. Experts have access to the code, not just a group of inside developers. They discover vulnerabilities faster, leading to a more secure system.
Is It Possible?
The biggest question from IoT experts is – is this really possible? Yes, it’s an optimistic project, but if Teserakt can deliver, it’ll drastically change how developers and manufacturers encrypt IoT data.
E4 is still in its early phases. As companies start to add it to their servers, it’ll be more clear how effective Teserakt’s innovative solution will be.
Image credit: Creative Commons/Infosec Images