Founding father of the Internet Vint Cerf has issued a challenge for security researchers to ensure that the surge of devices hooking up to the Web in the so-called “Internet of Things”.
Cerf, who is now an evangelist at Google, said an identity-led system would bring security to the world’s connected devices, speaking at RSA 2013 in San Francisco. Cerf’s suggestion is for a system based on devices that can generate a truly unique public-private key pair. The private key cannot be extracted without destroying the pair, and could not be computed from the public key. It should also be able to encrypt or decrypt “digital objects” on demand.
It appeared Cerf wants public key infrastructure at the heart of how identity works on the Internet of Things, with little standardised chips in each device initiating secure communications.
The overall aim is to “design a system that capitalises on the strong authentication property to configure either closed or open systems to manage or access authenticated devices”, on a massive scale. “The ideas may even turn out to be stupid. They might be about simple ideas to make things more likely to work,” Cerf admitted.
“We should be very thoughtful right now about the fact that a lot of these devices are going to be part of our environment and a lot of them are going to need to be managed.”
He backed the idea of third parties given control over certain areas of the Internet of Things, such as home entertainment systems or energy usage, to provide greater efficiency.
Cerf also supported the use of strong “pseudonymity”, where pieces of information about people are given away, but not enough to figure out who they are. Where someone wants to know more about another, if they were after a loan, for example, a trusted authority could be contacted, which can verify certain things about Internet denizens, he suggested.
“We don’t need to bind identity and identifier, we can keep those separate.”
The idea of psudonymous data has been used heavily in submissions to the European Union on privacy from the likes of Google and Yahoo. The Internet giants argue that pseudonymous data allows them to make use of Internet content without infringing people’s privacy – something which privacy advocates argue strongly against.
Are you a pedant on privacy? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…
View Comments
The number of detected mobile malware attacks continues to skyrocket. McAfee counts over 36,000 mobile malware threats—almost entirely targeting the Android OS.
Think twice about having Android in your stuff.