Internet of things refers to the environment or scheme which enables everyday objects in our world to have network connectivity and the ability to send and receive data. Some examples of things in the “Internet of Things” could be an individual with a heart monitor implant, smart phone or an automobile with in-built sensor. In other words, this thing can be any natural or man-made object that can be assigned an IP address and enabled to transfer data over networks. With Internet of Things, objects can be controlled remotely and more opportunities exist for integrating the physical world into computer based systems and it can transform the way we work and live. However, the most important threat to Internet of Things is breakdown of security.
A Cisco report predicts that there will be an estimated 50 million connected devices by 2020 which also includes everyday devices that can be assigned IP addresses. Such a huge growth in the number of connected devices also opens a lot of potential vulnerabilities making it a hacker’s playground. Multi-factor authentication is a powerful technique to fend off such attacks and thus analysts predict that it will continue to gain popularity in the coming years. Moreover, in view of the increasing number of cyber-attacks US regulations make it mandatory for federal government websites and contractors to use multi-factor authentication. Also, financial institutions and other merchants are looking for solutions that will act as an additional layer of authentication for their customers.
Importance of authentication
Authentication is the process to confirm a user’s identity and is a key factor in securing any computer system or network. Along with confidentiality, integrity and authorization it helps to prevent any unwanted system intrusions and reduce vulnerabilities. Up until a few years back, the most common form of authentication to secure systems and networks was based on user id and password combination. However, with the development of sophisticated technologies, passwords can no longer be considered very secure and also expose the system to a number of vulnerabilities such as hacker attacks, eavesdropping etc. Even though passwords are still widely used, they are in fact supposed to be the weakest link in an organization’s security system.
Besides, the rise of Internet of Things has led to the number of devices to grow manifold and users will simply find it infeasible to remember innumerable passwords. Therefore it is critically important for the mandatory update of security protocols and procedures to keep up with this continuous evolution of internet and ensure that users and organizations continue to enjoy its benefits without worrying about the security of their data and devices.
Social network is a part of day-to-day life and the seamless integration of these networks with various electronic devices such as smartphones, fitness trackers etc. now allows individuals to communicate with anyone around the world at the click of a button. A lot of information is thus being shared relating to health, online social accounts and many more. Although this information sharing and easy accessibility has paved the way for collaboration on the internet, it also exposes the loopholes of these systems. A simple authentication procedure such as user id and password cannot guarantee the privacy of the information that is shared. Various third party intruders can intercept the communication that takes place between social media and smart objects resulting in loss of privacy of the users. Such an intrusion might also expose the authentication details of users to unscrupulous individuals.
Moreover, the threat of viruses, malware and spam also increases with the continuously growing number of devices connected to the internet. All these factors stress the need to build an enhanced and robust authentication system. This authentication system should be able to handle any intrusion detection as well as offset any threats posed by malware, botnets and spam. A multi-factor authentication system can provide this enhanced security as it uses more than one factor of authentication to verify individuals or authorize transactions.
Why is multi-factor authentication necessary?
A safe browsing experience and secure exchange of online information cannot be guaranteed by using a single authentication factor such as password. Authentication is a very important aspect of internet security which if overlooked can compromise the integrity of the whole network and allow unauthorized individuals to access networks and systems and steal valuable user data. There is also an exponential increase in the number of mobile devices that are used by consumers for banking, shopping, paying bills etc. which have generated a lot security concerns and created a lot of interest in multi-factor authentication technique.
A single piece of information like password makes the system very vulnerable to malicious attacks. A multi-factor authentication requires more than one form of authentication to verify user’s identity. Therefore, multi-factor authentication can prevent security breaches and enhance the privacy of user accounts by providing an added layer of protection. The use of biometric traits as authentication factors in addition to passwords or PINs is gaining a lot of traction. Biometrics is the inherent characteristics of individuals and thus can assure the highest level of accuracy, privacy and reliability. Some examples of biometric authentication include fingerprint scan, retina scan, facial recognition, voice recognition etc.
How can multi-factor authentication be applied in Internet of Things?
The deployment of a multi-factor authentication system that combines password or PIN with biometric traits not only ensures secure access to smart things but also makes the process of gaining access very convenient for the end user. We will discuss three applications where the deployment of multi-factor authentication has helped to enhance the security framework.
Smart homes: These homes have automated systems for monitoring of temperature, alarms, alerts, doors, windows etc. which the house owner can remotely control using his or her mobile device. Thus, safety is of paramount importance for the owners and several authentication methods such as passwords, hardware tokens and biometric authentication exist to assure security. However, studies indicate that password systems might not be suitable and lag behind due to the associated memorability factor. In this case, biometric authentication is better suited and the automated system can be configured to provide access to several members of the house. Also, it is essential to have a multiple hierarchy of authentication such as a PIN based authentication combined with fingerprint recognition system. So even of the PIN is lost or stolen, the second layer of authentication i.e. fingerprint recognition will prevent any unauthorized individuals from gaining access. Thus a multi-factor authentication system enhances the security of smart homes.
Smart offices: Organizations need to ensure the security of their premises as well as the identity of their employees. The most common way of verifying employees working in an office premise is through the use of an identity card (ID). Identity cards cannot be considered highly secure as they are prone to being lost, stolen or shared. Employees can share cards resulting in time theft and buddy punching. Unauthorized individuals could gain access to the office building using a stolen card. There is no way of guaranteeing that the person presenting the card is actually the authorized individual. As security of physical and logical assets is of paramount importance to organizations, adopting a multi-factor authentication will prove highly beneficial.
For example, employees can be issued RFIDs to access the office campus. Next, to enter the office building fingerprint recognition system can be implemented such that no individuals apart from the authorized employees can enter the office building. A third level of authentication such as facial recognition software can be deployed in order to authorize access to certain restricted areas in the office building such as labs or server rooms.
Smart airports: Maintaining security at airport is a pretty tedious task as checks are done manually. With the large number of domestic and international travellers passing through ports of entry, manual checking of passports is not an efficient mechanism and results in delays and frustrated travelers. An automated security system that uses multiple factors of authentication will increase airport security manifold and ensure smooth flow of passengers.
For example, facial or fingerprint recognition software can be used at the airport entrance to detect individuals and will be provided access to that area depending on their tickets and identity documents such as passports. Then, fingerprint recognition software deployed at security check-in counters will enable airport officials to verify the passenger’s identity. Such multi-factor authentication will help to fight against the rising threats of international terrorism and assure traveler safety.
With the growth in the Internet of Things, the security vulnerabilities associated with it are also on the rise. We have discussed how combining different authentication mechanisms can provide enhanced security and robustness for internet of things. Multi-factor authentication can create a more secure experience for all users and eliminate the risk of their credentials getting exposed to unscrupulous and third-party individuals.