Trust as key factor for IoT success
Identity, software integrity, and transaction integrity are all examples of trust issues. “Glitching”, “side-channel analysis”, “data tampering” and “identity theft” are some of the threats that could lead to corrupted data and/or broken privacy, and could wrongly influence decision-making processes in a failing trust design.
Get prepared; you will hear so much about it. In the upcoming years we will experience a tremendous growth and demand for solutions to establish machine trust. The answer is always an acronym: HSM, TPM, PKIs and TEE are just a few examples of great new or revamped solutions aiming to establish trust that are popping up in the IoT universe.
Trust is not entirely new to security folks. This time we’re about to grant trust to machines that can interact with the physical world; that's the big deal! It’s no longer about M2M. Humans must extend the trust circle to machines; that sounds scary but, again there’s nothing new as we do it every day when driving our cars or submitting bank transactions on-line. We trust our bank and the technology behind the home-banking service.
IoT must learn to influence our “psychological safety”, but it’s not doing great for the time being! Such concepts are well known to economists and management experts. Psychological safety is what makes employees happy, creates trust in managers’ leadership and builds winning teams. End-users must trust the IoT solution; data, privacy, efficiency and availability, it’s all about trust.
We need guidelines and mandatory regulations governing IoT security. Probably something will come soon from the US National Institute for Standards and Technology (NIST) or a similar entity. The US may be the first country to impose rules and liabilities. People trust institutions as safety regulators. That’s one way to extend trust to the IoT but at the same time it forces companies to follow a proper secure development life cycle and consider security testing.
Humans establish trust by head and by heart. Machines can probably mimic head, learn to establish trust by means of technology, protocols and crypto. Establishing trust is a must in accomplishing the next big revolution. I just can’t wait to understand more about this fascinating relation between people and machine trust. How far I am now from the Commodore 64, after not even 30 years… So far, yet not far enough. No, I’m not afraid of the IoT; despite Spielberg’s vision, there is something that machines will never get. It’s called heart.