IoT Identity – May 23, 2024
Identity versus Authentication
Some years ago, a major bank in New York City revealed that they were already using multi-factor authentication, ahead of their peers. The PR agency said, “We require both a userid and a password – that’s two factors.” This comprehensive misunderstanding opens the gate to talk about the important difference between identification and authentication. This matters especially when we realize that identity-based security will figure heavily in securing the Internet of Things.
So, what is identification? It is the assertion that you are a particular individual, not that you have specific rights and privileges. For this purpose, biometric data is entirely about identification. It’s a more refined version of a userid. Once you say you are someone, you need to prove that you are someone. Getting a RealID on your driver’s license means you bring the Dept of Motor Vehicles proof of your identity – a birth certificate, a recent utilities bill sent to you at your home address, a previously issued identity document (an old driver’s license, a passport), and in the US your social security card. Note that the Social Security card says that it is not to be used as proof of identity – and I had a clerk at the DMV point this out – but it is part of the identity portfolio, and can serve as a base for further identity verification.
For IoT devices, such things as a serial number or MAC address contribute to a component’s identity. Its network location, its record in the company inventory or procurement system, and its maintenance history are components of its identity too. This matters because all these things can be tampered with or altered, even a MAC address. When you deploy your identity management solution, you must record the evidence you use to establish a device’s identity. And identity management is a foundation for zero trust, and all other effective information security architectures.
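As an added illustration (not part of the original post), here is one way to record the evidence used to establish a device's identity and later compare what the device presents against it. The record schema, function names and sample values are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Attributes the post names as contributing to a device's identity.
ATTRIBUTES = ("serial_number", "mac_address", "network_location",
              "inventory_record", "maintenance_history")

def _digest(device_id, evidence):
    # Canonical JSON so the same evidence always hashes to the same value.
    body = json.dumps({"device_id": device_id, "evidence": evidence},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def make_record(device_id, evidence):
    """evidence maps attribute -> {"value": ..., "source": ...} (assumed schema)."""
    unknown = sorted(set(evidence) - set(ATTRIBUTES))
    if unknown:
        raise ValueError(f"unknown identity attributes: {unknown}")
    # Assumption: the digest is also kept somewhere the record's editors cannot write.
    return {"device_id": device_id, "evidence": evidence,
            "digest": _digest(device_id, evidence)}

def verify(record, observed):
    """Compare what a device presents now against the recorded evidence."""
    result = {"status": "review", "matched": [], "mismatched": [], "missing": []}
    expected = _digest(record["device_id"], record["evidence"])
    if not hmac.compare_digest(record["digest"], expected):
        result["status"] = "record_altered"
        return result
    for attr, item in record["evidence"].items():
        if attr not in observed:
            result["missing"].append(attr)
        # Case-insensitive so differences in MAC notation do not count as changes.
        elif str(observed[attr]).lower() == str(item["value"]).lower():
            result["matched"].append(attr)
        else:
            result["mismatched"].append(attr)
    # No single attribute decides: every recorded item must still agree.
    if not result["mismatched"] and not result["missing"]:
        result["status"] = "consistent"
    return result

# Constructed sample data (not from the post).
RECORD = make_record("pump-controller-07", {
    "serial_number": {"value": "SN-EXAMPLE-0001", "source": "procurement system"},
    "mac_address": {"value": "02:00:00:AA:BB:01", "source": "network scan"},
    "network_location": {"value": "vlan-40/switch-3/port-12", "source": "switch config"},
})
```

A device that presents the recorded MAC address but a different serial number comes back as `review` with `serial_number` listed under `mismatched`, which is the case the paragraph above warns about.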
A Bit of Security for May 23, 2024
Identity Management is foundational for zero trust – or any comprehensive effective information security architecture. But how do you establish identity? Isn’t it the same as authentication? Listen to this -
Let me know what you think in the comments below or at wjmalik@noc.social