Access control is becoming a greater and greater challenge. Traditionally, access control consists of managing access, authentication and authorisation. The challenges get greater when we consider the Internet of Things because many of the “things” don't have an easy way to manage these functions. When we look across the internet and consider that today there is far more inter-device and inter-application access control needed, we see that the traditional issues of managing access, authentication and authorisation are complicated by disparities in the things to which we are managing access.
Certificates have, in the past, been the key to achieving management of access to disparate systems, but certificate hijacking is a common practice of the bad guys today. So, we go back to the beginning. The problem that certificates were intended to solve still is with us. Then we look at massive denial-of-service attacks such as the one in late October that knocked offline dozens of popular websites – including Twitter and Netflix – and ask how that could have happened. Although that attack was pretty simplistic, it had some features of interest.
For example, what if it hadn't been a DDoS but, rather, a massive data theft – credit cards, trade secrets, whatever – attack? It depended heavily on the IoT to get its job done. In order to turn your toaster into a ravaging zombie computer you need to gain access to it. Access control again. And a very difficult problem at that. What if there is no place in your toaster to install access control? Perhaps, you go for a toaster that does not live on the internet.
This may seem like a trivial example but the idea is solid. Many IoT devices simply do not have the ability to have a sophisticated access control system installed or managed. (Do you really want to be the system administrator of your toaster, refrigerator, baby monitor and TV set-top device?) As you will see from our Innovator in this section we are not faced with an unsolvable problem. But it's no cakewalk, either. Our Innovator in this section is well on the way to meeting tomorrow's challenges in the IoT arena.