IoT Security Could Crack Quickly In The Quantum Era - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Data Management // IoT
Commentary
3/18/2016
09:05 AM
Larry Loeb
Larry Loeb
Commentary
50%
50%

IoT Security Could Crack Quickly In The Quantum Era

Internet of Things security is only beginning to get serious attention. However, it might already be too late. In the era of quantum computing, the fragile security that protects IoT devices may crumble faster than you think.

8 IoT Operating Systems Powering The Future
8 IoT Operating Systems Powering The Future
(Click image for larger view and slideshow.)

The Internet of Things is beginning to really worry me. It's mostly because the vast amounts of data out there can't be controlled well by users.

It's not just a concern that I have. In fact, the industry creating IoT has been behind in addressing a wide range of security issues concerning embedded and smart devices, a recent panel at Mobile World Congress found. So, where are the vulnerabilities? They are right under your nose, most likely in your home.

When some device in your house can be controlled by your smartphone, the device and your phone communicate over the Internet. The manner and way that they communicate between each other determine how much data can be thrown off and then monitored by others.

If the data between the two is sent in cleartext, it's easy to directly monitor. Anyone will be able to listen, and know that you just told your smart thermostat to turn on the air conditioning.

That may sound innocuous, but what if there is a thief sitting in your house taking things and listening for actions that may indicate you are about to come home? Not so innocuous then, is it?

The metadata alone that is associated with IoT systems can also be a useful data source, even if the message used to create the metadata has been protected.

A metadata layer is used to reduce the friction across all stages of data governance by providing a context for that data. The goal of the metadata layer is to capture and incorporate the business context, logic, models, and rules as machine readable, programmable concepts. These will then aid in mimicking how humans process data, analytics, and information.

(Image: Danil Melekhin/iStockphoto)

(Image: Danil Melekhin/iStockphoto)

There are other kinds of IoT vulnerabilities to consider. Ring, a manufacturer of smart doorbells with video cameras, realized not long ago that, by using a home's WiFi, the company was inadvertently giving up the home network's password.

First, the Ring doorbell gets reset, then a specific URL is viewed on a browser.

Voilà, the password.

Of course, Ring issued a firmware update when this was publicized. But why wasn't that caught in some kind of security audit before release? Did the manufacturer even choose to look for that kind of problem?

But let's move away from the abstraction layer here for a minute.

The one privacy/security tool that is available for the IoT device's use now is end-to-end encryption. It offers the hope that the mathematical effort needed to solve for the prime numbers that are the key to the encryption will keep it safe. Currently, the use of encryption is not widespread among those emerging devices that have a low cost of manufacture as part of their DNA.

There are also quantum computers to consider in the IoT mix.

Right now, they are not cracking encryption … yet. Give these machines another five years, and they may be able to do just that.

Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!

MIT researchers have announced they have figured out how to build faster quantum computers that are designed to defactor large prime numbers, and are easily scalable as well.

The news is almost equivalent to Carter Mead's announcement of the first silicon foundry in 1967. The process is one of applying technology to building bigger and faster quantum machines that are very good at figuring out crypto keys, instead of trying to figure out the physics necessary to build a quantum computer to do that. They have found a way.

This kind of quantum machine sounds the death knell for RSA-style encryption, the kind so widely used today.

Here is the problem laid bare: Quantum computers will be able to crack RSA-style crypto in a few years. That is the encryption used even when some end-to-end scheme is implemented in IoT. How will IoT privacy be protected at all?

The NSA thinks that it can come up with quantum-proof encryption -- someday. Maybe it will let it out. Maybe it will get used in IoT projects.

In the meantime, we have RSA-style encryption to use -- and that still isn't used all that much. But, beware of IoT devices that cannot be safely upgraded to deflect the growing security threats that will surely evolve over time. Those devices will leak data no matter what you do to stop the problem.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
larryloeb
50%
50%
larryloeb,
User Rank: Author
3/26/2016 | 4:49:00 PM
Re: security on the mind
@batye

That's because you have learned I am always right.

Snort.
larryloeb
50%
50%
larryloeb,
User Rank: Author
3/26/2016 | 8:52:05 AM
Re: security on the mind
@batye

Sure, that's true.

But this technology is a game changer. All the privacy that RSA-style encryption was used to ensure will be gone when it is functional.

And the tech will be available sooner than you think. It wont show up as a box on your desk.

No, it will be a service. Quantum as a Service. It won't matter who has the hardware. You just get it through the cloud for whatever problem you want to apply it to.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll