You are the news now

THE NEWS COMMENTER

Screenshot Wired.com
VOTE  (0)  (0)

An Open Source Bid to Encrypt the Internet of Things


Added 01-20-20 08:06:02am EST - “IoT is a security hellscape. One cryptography has a plan to make it a little bit less so.” - Wired.com

CLICK TO SHARE

Posted By TheNewsCommenter: From Wired.com: “An Open Source Bid to Encrypt the Internet of Things”. Below is an excerpt from the article.

End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. It ensures that no one—even the app developer—can access your data as it traverses the web. But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices?

The Swiss cryptography firm Teserakt is trying just that. Earlier this month at the Real World Crypto conference in New York it introduced E4, a sort of cryptographic implant that IoT manufacturers can integrate into their servers. Today most IoT data is encrypted at some point as it moves across the web, but it's challenging to keep that protection consistent for the whole ride. E4 would do most of that work behind the scenes, so that whether companies make home routers, industrial control sensors, or web cams, all the data transmitted between the devices and their manufacturers can be encrypted.

Tech companies already rely on web encryption to keep IoT data secure, so it's not like your big-name fitness tracker is transmitting your health data with no protection. But E4 aims to provide a more comprehensive, open-source approach that's tailored to the realities of IoT. Carmakers managing dozens of models and hundreds of thousands of vehicles, or an energy company that takes readings from a massive fleet of smart meters, could have more assurance that full encryption protections really extend to every digital layer that data will cross.

"What we have now is a whole lot of different devices in different industries sending and receiving data," says Jean-Philippe Aumasson, Teserakt's CEO. "That data might be software updates, telemetry data, user data, personal data. So it should be protected between the device that produces it and the device that receives it, but technically it's very hard when you don't have the tools. So we wanted to build something that was easy for manufacturers to integrate at the software level."

Being open source is also what gives the Signal Protocol, which underpins Signal and WhatsApp, so much credibility. It means experts can check under the hood for vulnerabilities and flaws. And it enables any developer to adopt the protocol in their product, rather than attempting the fraught and risky task of developing encryption protections from scratch.

Read more...

Anonymous comments are welcome, just check the "Comment Anonymously" box before submitting your comment. Note: Comments are free and open until someone ruins it. Don't dox, promote violence, etc. Be nice and have fun.

CLICK TO SHARE

BACK TO THE HOME-PAGE