An Effort to Encrypt IoT to Bolster Security
Wed, April 21, 2021

An Effort to Encrypt IoT to Bolster Security

End-to-end encryption is a staple feature of WhatsApp and Signal / Photo Credit: everything possible (via Shutterstock)

 

End-to-end encryption is a staple feature of secure messaging apps such as WhatsApp and Signal, but what if this kind of protection is applied to IoT devices? Swiss cryptography firm Teserakt is attempting to do that, said Lily Hat Newman of monthly American magazine Wired. At the Real World Crypto conference in New York earlier this month, Teserakt introduced E4, a kind of cryptographic implant that IoT manufacturers can employ into their servers. Presently, most IoT data is encrypted at some point but it’s difficult to keep that protection consistent. E4 would do most of that behind the scenes. Whether companies manufacture home routers, industrial control sensors, or webcams, all data transmitted between the devices and their manufacturers can be encrypted.  

E4 seeks to provide a more comprehensive, open-source approach that is catered to the realities of IoT. "What we have now is a whole lot of different devices in different industries sending and receiving data," says Jean-Philippe Aumasson, Teserakt's CEO. Being open source gives Signal Protocol credibility. This means experts can check for vulnerabilities and flaws behind closed doors, enabling any developer to employ the protocol in their product. This prevents them from developing encryption protections from scratch, which is a lot riskier. Further, E4 intends to bolster defenses for information in transit to safeguard against data interception and manipulation. However, E4 cannot offer protection to a company if its servers are compromised.

Teserakt has been working with big tech companies in agriculture, health care, aerospace, automotive, and energy sectors to develop E4. The firm also intends to profit from the tool “by charging companies to customize implementations for their specific infrastructure.” For now, don’t expect E4 to protect the whole IoT industry as IoT needs as many available tools as possible. E4 is not a perfect solution for IoT-related issues, Aumasson acknowledged. “But it's an interesting discussion to have about what end-to-end really means in the IoT context," he added.