Apr 24, 2014
There is an increasing move to connect anything and everything to the internet. From fridges to glasses, fitness arm-bands to surveillance systems, the Internet of Everything (IoE) is becoming a reality.
Many of these connected devices do very little, and indeed may just be a passing fad as people realize that an internet-connected fridge doesn’t actually enrich their life that much. However, in certain circumstances, such connectivity can add value — the question is: for whom?
Let’s take an organization and its security needs. At the moment, the general approach is to use challenge-and-response user validation for access to applications/resources — maybe using multi-factor systems such as tokens along with single sign-on, but overall, it still tends to be a pretty static approach. However, as the IoE becomes a reality, we may be able to blend in other forms of data to create a more all-embracing approach.
For example, it is already pretty easy to identify not only the type of device that a user is attempting to access data from, but also the location they are accessing it from. Therefore, a worker trying to access data from a Starbucks in Red Square may get a message essentially saying, “You’re having a laugh” and requesting that they connect from a more secure environment.
However, let’s take this IoE a step further. The user could be wearing multiple items that are connected, allowing us to build up a pretty complex picture of them. The organization’s surveillance systems are all connected via IP, rather than by analog or proprietary digital means. The user can now be better tracked by building up a picture of the various MAC addresses or other identifiable details of their digital world, along with biometrics such as facial recognition.
Combined with more temporal values as well, it will no longer just be a case of “Jane cannot possibly be logging in in Tokyo just now as she was in London an hour ago”, but could be “Jane cannot be logging in from that terminal as we saw her at that entrance door 30 seconds ago”. Security becomes more granular; more personal; more exact.
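The two checks described above (the London/Tokyo case and the entrance-door case) can be expressed as one plausibility test on the speed needed to get from the last sighting to the login. The sketch below is an added example, not code from the original article; the speed limits, the `Sighting` fields, the `LON-HQ` site label and the sample events are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed limits; tune them for your own sites and workforce.
MAX_TRAVEL_KMH = 900.0  # about airliner cruise speed
MAX_ONSITE_KMH = 6.0    # brisk walk between two points on one site

@dataclass
class Sighting:
    when: datetime
    lat: float
    lon: float
    site: str    # hypothetical site label; "" when off premises
    source: str  # "login", "door-badge", "camera", ...

def distance_km(a, b):
    """Great-circle (haversine) distance between two sightings."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlat, dlon = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def assess_login(login, last_seen):
    """Return (plausible, reason) for a login given the latest sighting."""
    if last_seen is None:
        return True, "no earlier sighting to compare against"
    hours = abs((login.when - last_seen.when).total_seconds()) / 3600
    km = distance_km(last_seen, login)
    on_site = bool(login.site) and login.site == last_seen.site
    limit = MAX_ONSITE_KMH if on_site else MAX_TRAVEL_KMH
    # Zero elapsed time is only plausible if both events are at the same spot.
    needed = km / hours if hours > 0 else (0.0 if km < 0.01 else math.inf)
    if needed > limit:
        return False, (f"{km:.1f} km from {last_seen.source} sighting needs "
                       f"{needed:.0f} km/h, limit {limit:.0f} km/h")
    return True, "consistent with last sighting"

# Constructed sample data: a door sighting in London, then three logins.
T0 = datetime(2014, 4, 24, 9, 0, 0)
DOOR = Sighting(T0, 51.5074, -0.1278, "LON-HQ", "door-badge")
TOKYO = Sighting(T0 + timedelta(hours=1), 35.6762, 139.6503, "", "login")
FAR_DESK_30S = Sighting(T0 + timedelta(seconds=30), 51.5101, -0.1278, "LON-HQ", "login")
FAR_DESK_10M = Sighting(T0 + timedelta(minutes=10), 51.5101, -0.1278, "LON-HQ", "login")

if __name__ == "__main__":
    for event in (TOKYO, FAR_DESK_30S, FAR_DESK_10M):
        print(event.source, event.when.time(), assess_login(event, DOOR))
```

A failed check is better treated as a trigger for step-up authentication than as a hard block, since badge readers and IP geolocation both produce bad data from time to time.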
This may be great for a business, but the feeling of the individual may be different. Although individuals seem to be happy to place loads of personal information on Facebook, LinkedIn, Genes Reunited, and other social networking sites, they do not seem to be happy when these are actually mined and used for any reason whatsoever. It is likely that the micro-tracking of individuals by an organization may meet with some level of fight-back.
However, consider what the big, bad national security forces can do. Mobile phones can be easily triangulated; camera surveillance is growing; computer usage over the same mobile networks allows for even greater granularity in tracking any single individual. Adding 10 or so wearable devices to the mix, as well as extra information being chatted from home-based devices to the internet, will allow a pretty full picture to be built up of how any one person lives.
And this then brings us to the BlackHats. If a government can track an individual and use big data to build up a picture of activity, so can the bad (or “worse”, depending on your viewpoint) guys. Your property could be chatting out all sorts of data, and pattern recognition could be used for bad purposes. For example, the pattern of device usage while you are there is very likely to be different to when you aren’t. A two-week vacation could be reasonably easily identified by burglars through just watching the packets leaving your IP address. Matching this with your personal device signatures could show that you and your devices are a few hundred miles away from home — and that the bad guys have a reasonable amount of time to go and burgle your property.
The IoE could be a great thing — we can get great control over our lives through being able to control our homes as we travel from work back to them. However, without adequate controls not just on the devices themselves, but also on the patterns of activity that they radiate out on the internet, the IoE could be a great doorway to all our activities for the bad guys.