Researchers have proposed a way to overcome an IoT security issue having to do with a smaller IoT device’s lack of access to GPS when being deployed.
While the Internet of Things has made it possible to connect a wealth of household items to the internet, it has also increased the security risks for people and businesses, as a lot of these smaller devices are not equipped with the same level of verification, encryption, and security as smartphones and personal computers.
One of the most common ways to secure wireless communications with Internet of Things (IoT) devices is through the generation and synchronization of random numbers in real-time, with the synchronization stage using a timing reference from the global positioning system (GPS). The issue is that a lot of smaller IoT devices do not have access to a GPS signal or do not have access to it all the time, usually pulling it from a nearby mobile device.
This leaves the IoT device open to cyber-threats, as attackers can prey on the defective synchronization to obtain access to the IoT device and potentially the entire network.
To eliminate this deficiency, researchers from the Department of Electrical & Systems Engineering at Washington University in St. Louis have proposed a new system, a synchronized pseudo-random-number generation (SPRNG), which does not require a GPS extraction for the timing reference and instead uses a self-powered timer array using quantum-mechanical tunneling.
“In this method, the proposed SPRNG could be used as a trusted platform module on Internet of Things and used to verify and authenticate secure transactions, such as software upgrades,” said professor Shantanu Chakrabartty of the Department of Electrical & Systems Engineering at Washington University in St. Louis. “Since this system does not require access to GPS for synchronization, it could be used in resource-constrained and adversarial environments, including health care and military IoTs.”
IoT devices are considered one of the most insecure parts of most homeowners and businesses’ networks, as they come with little security out of the box and most users do not add security. Many do not even have their default password changed, giving cyberattackers easy access to the device.