Making the Internet of Things more secure
The IoT will completely change the way we live and work: billions of connected devices (ranging from household to industrial appliances) will provide a constant flow of data and knowledge, and will help us make better decisions in all aspects of our lives. Yet, the IoT also comes with a number of security challenges.
“As the IoT matures, we risk no longer being in control. Connected devices monitor our activities and behavior 24/7 and – unless stringent security mechanisms are in place – all of the info these devices gather, might be shared (without our consent) with unknown parties. It is a threat that particularly holds true if the IoT is built on so-called closed source software,” says Prof. Dr. Bart Preneel, iMinds - COSIC - KU Leuven.
“There’s no need to panic, but we do have to think of ways to protect our data and keep them as local as possible (ideally in our personal environment); the cloud is not the ultimate solution to everything. Technologically, this is perfectly possible already – a.o. by using open source software,” Prof. Preneel continues. “While it is true that open source software is not inherently safer than the closed-source approaches, it does allow for more thorough checks and bug reporting – so that abuse becomes much more difficult."
iMinds is already developing such an open source platform, building on the Contiki Operating System, which is designed to run on the kinds of low-power wireless devices that will make up the Internet of Things. The challenge is to provide an open foundation that gives users more control while at the same time ensuring strong security to protect individual and corporate data. To put it simply, the platform should be open but the data must be closed.
Biometric encryption for wearables
In a recent article in Nature, Bart Preneel sheds his light on the security and privacy issues that come with the use of health apps and wearables. As an internationally acclaimed expert on cryptography and information security, Prof. Preneel considers using internal signals from the body – such as DNA or heartbeat patterns – as a promising approach to keep personal health data safe from unauthorized decryption. Continue reading