eIDAS and Trusting the Internet of Things

by Gaurav Sharma (guest) on 23. April 2018

The Internet of Things or IoT is a broad term for the billions of connected physical devices including vehicles, appliances and other electronics that can communicate and exchange data with each other. These devices are everywhere and by 2020, there are likely to be anywhere from 3 to 7 such connected devices for every living person!

IoT devices are not just restricted to personal use though. Infrastructure services like power plants, railways, streetlights and even some military vehicles fall into the same category. This makes the IoT perhaps the most useful as well as the most vulnerable asset of modern civilizations. Increasingly, this vulnerability is being taken advantage of by state actors or criminal elements for their own benefit.

The criticality of the threat to us, as a result of IoT, perhaps gets enhanced due to the fact that it can affect the physical world rather than just impact digital data or records. A bad actor can hack into a car and cause it to lose control or hack into a power grid and cause an outage. All of this has put a new emphasis on closing loopholes and erecting barriers against potential breaches.

The need to bring “trust” to the Internet of Things

The vulnerabilities of the IoT and its criticality means that certain improvements need to happen immediately. The eIDAS regulation goes a long way in ensuring trust in digital services and it is something that is needed for the IoT as well.

The primary way in which a standardized regulatory framework can make the IoT more secure is by providing “Proof of Identity”. This is the first and most important step in securing access to the dozens of connected devices that we use every day.  As our dependence on such devices increases, so does the need for a common framework like eIDAS which can provide a minimum guaranteed level of security based on standard procedures and protocols across jurisdictions. There is an important need for providing secure and trustworthy electronic identification, authentication and authorization for IoT devices. Without this, the system will be vulnerable and the potential for abuse will keep rising with time.

Another way in which regulations like eIDAS can help is the legal and liability framework. eIDAS ensures the legal compliance of services which are provided using its framework. Something similar is needed for the Internet of Things - a universally accepted framework that defines the legal requirements for compliance and then ensures compliance with that legal framework. It needs to address the issues of cross-jurisdiction disputes and issues and set the standard for regulatory/ legal compliance in the IoT world.

Conclusion

eIDAS and other such regulations will go a long way to ensure that digital transactions are secure, and users are protected. However, this same level of security and trust needs to be extended to the other network as well – the Internet of Things. The IoT needs a strong framework that ensures user’s identity, provides privacy and strong authentication capabilities and a rock solid legal and liability framework to protect users.  

Download white paper

References and Further Reading

Image: Microsoft Azure Sphere OS (Linux kernel) #iot, courtesy of medithIT, Flickr (CC BY 2.0)

Other Related Articles: # Digital Signatures # eIDAS # IoT

Want to know how we can help ?

Get in touch to better understand how our solutions secure ecommerce and billions of transactions worldwide.