Published on 11/29/2016 | Technology
In 1980, futurist Alvin Toffler penned The Third Wave, in which he describes three types of societies depicted as waves. The first Wave – the Agricultural society - prevailed in much of the world post the hunter-gatherer cultures that existed some 12,000 years ago. The Agricultural Wave gave way to the Second Wave – the Industrial society – which began in Western Europe with the Industrial Revolution in the early 1800’s. Toffler’s prescient work predicted the coming of the Third Wave, what many now refer to as the Information Age. Sparked by the widespread adoption of computer technology, the Third Wave transitioned our world and the workplace like no wave before it, and at a far greater pace.
The Fourth Wave, what I refer to as the Connected Society, was spawned by the mid-1990’s dawn of the Internet and rapid growth of the wireless world as conduits that would forever transform our planet, rendering it significantly smaller as people throughout the globe became instantly accessible with the click of a mouse (or a finger swipe or voice prompt).
Like the waves before it, the Fourth Wave spawned entire new industries and businesses grew at a frantic pace, leaving their Third Wave predecessors in their wake. Third Wave companies like Blockbuster Video that had embraced computer technology to help them rapidly grow their businesses, were soon trampled by Fourth Wave players like Netflix.
Today, I believe that we are at the dawn of the Fifth Wave – the Internet of Things IoT - in which all facets of our life, including the physical assets with which we interact on a daily basis, will be connected and interacting with us and those around us. And the Fifth Wave goes well beyond things interacting with their human owners. It will see things interacting with things. Vehicles, even driverless vehicles, will communicate with each other and with the traffic grid, helping ensure rapid, safe movement of people and goods. The energy grid will be fully interactive, connecting to smart meters and optimizing energy use at levels never before envisioned.
Pundits like McKinsey project the IoT market will include tens of billions of connected devices by 2025 and could represent an $11+ Trillion market. Clearly, the race is on within the IoT space to see which companies emerge as the dominating force in their respective IoT markets.
A recent National Instruments report states, "As massive networks of systems come online, these systems need to communicate with each other and with the enterprise, often over vast distances." The report continues, "Both the systems and the communications need to be secure, or millions of dollars worth of assets are put at risk”. Interoperability is a must and if we extrapolate on this, the interoperability of encrypted data and the authentication of users and devices will be critically important.
As in any emerging market there are challenges, and a global survey of IoT developerscited privacy and security as the top two obstacles to monetizing IoT applications. A recent story on connected vehicles stated that “one challenge may be issuing and revoking certificates at such a scale” Another article raised the issue of key management. Most IT professionals rate the pain of managing encryption keys as severe.
These articles beg the question, “how can we expect to manage tens of billions of digital certificates and standard keys for the IoT market?”
The answer is obvious: we can’t.
Current security methodology such as PKI was not designed for IoT, and beyond that, experts such as Professor Buchanan at Napier University in Scotland are questioning the very security worthiness of PKI in general. As Buchanan states, "I think the public key infrastructure we have created for the internet is deeply flawed, especially in the cryptographic methods used, many of which are past their useful life."
Buchanan’s perspective begs the question. Why are automobile manufacturers even considering using PKI to secure their connected cars?
IoT needs an innovative, modern approach to security - one that is interoperable, that authenticates and that encrypts end-to-end. IoT solutions also need to control access to the data collected to ensure end user privacy, something that shouldn’t be just a goal but a mandatory requirement for any IoT application.
I believe the answer to the IoT security and personal privacy challenges can be found by understanding the latest developments with Identity Based Encryption or IBE.
The History of 'Identity Based Encryption' IBE
In 1984 Adi Shamir invented 'Identity Based Encryption' IBE 1.0
In 2001 IBE 2.0 was patented based on US DOD funded research, at Stanford University, and it was commercialized by Voltage (now HP). See - https://www.voltage.com/technology/data-encryption/identity-based-encryption
Also see - https://en.wikipedia.org/wiki/ID-based_encryption
In 2014 IBE 3.0 was patented by Connect in Private (CIP), bringing 15 improvements to IBE 2.0 – most importantly, securing it end-to-end and adding authentication at the application layer. CIP branded IBE 3.0 as ‘Certificate-Less Authenticated Encryption’ or CLAE.
In an IoT world that demands interoperability and collaboration, CLAE delivers as it is social by design. Think many-to-many, instead of one-to-one. The CLAE schema allows one device to encrypt, authenticate and share secrets with any other CLAE-protected device and it provides the measures to transfer trust across multiple domains (imagine a connected car from France travelling to Italy and interacting with the traffic grid with different master encryption keys). And it does so with elegant simplicity, eliminating the complexity that so often dooms security solutions.
- CLAE eliminates the need for public-key certificates, removing the requirement for secure local storage, making it the ultimate solution for mobile and myriad other applications.
- CLAE authenticates.
- CLAE delivers end-to-end security, eliminating the need for TLS/SSL.
- CLAE requires no certificate authority, no storing of certificates.
- CLAE greatly simplifies key management and dramatically reduces IT workload.
Think of CLAE as a high-powered ingredient that can be easily embedded into any existing connected offerings, turning vulnerable connections into ones that cannot be penetrated by outside parties.
The Fifth Wave – the Internet of Things - is coming and it undoubtedly will have a major impact on life as we know it today. And by leading with ironclad IBE 3.0 security in the provision of all IoT applications, vendors can ensure that the impacts from the Fifth Wave will be nothing but positive.
This article was originally posted on LinkedIn.
