Cover Image
市場調查報告書

連網型系統的認證

Authenticating Connected Systems

出版商 VDC Research Group, Inc. 商品編碼 315705
出版日期 內容資訊 英文 14 Pages; 29 Exhibits
商品交期: 最快1-2個工作天內
價格
Back to Top
連網型系統的認證 Authenticating Connected Systems
出版日期: 2014年09月08日 內容資訊: 英文 14 Pages; 29 Exhibits
簡介

本報告提供物聯網的認證連接系統所採用的手法議論與分析、認證解決方案市場的主要策略的課題、趨勢以及其他的影響因素的議論、技術類型、產品分類及產業部門的市場分析與重要的討論事項。

摘要整理

認證:鑑別器vs.安全隔離網閘

人物認證

  • 圖表:對內建式設備來說機器對機器的認證比人對機器普及
  • 圖表:附人對機器認證的內建式設備間的密碼儲存的定位
  • 圖表:內建式設備保存/加密密碼用格式
  • 圖表:內建式設備中多係數及多通路人對機器認證的實行方法
  • 圖表:內建式設備中實行多係數人對機器認證的生物辨識

機器認證

  • 圖表:認證採用的不對稱加密研究
  • 圖表:M2M認證PKI(公鑰基礎建設)的利用
  • 圖表:為PKI組織使用的認證機構
  • 圖表:加密密鑰/認證管理軟體

見解&考察

關於本報告

目錄

This report discusses and analyzes methods used to authenticate connected systems in the Internet of Things. It also discusses key strategic issues, trends, and other factors impacting the market for authentication solutions. Market analysis and critical considerations are offered across technology types, product categories, and industry sectors. The report integrates selected findings from VDC's recent Authentication & Encryption survey of OEM embedded device engineers. (Full survey data is provided as a separate Excel spreadsheet.)

What questions are addressed

  • What are the ramifications of inadequate device authentication
  • Which authentication methods are most widely used today, and how is this likely to change in the coming years
  • Why is multi-factor authentication becoming more important
  • Do next-generation out-of-band authentication methods leave users vulnerable to man-in-the-middle attacks
  • What companies are leading vendors of authentication technologies, and how are they positioned relative to each other

Executive Summary

Authentication is a critical aspect of security for connecting devices to people or other devices and services. Authenticating the identity of people is fraught with potential security challenges, including weaknesses of both the people and the procedures. The use of multi-channel and multi-factor authentication to improve the security of human-to-machine authentication is increasing in many business applications, but their acceptability for day-to-day consumer applications is less certain. Machine-to-machine authentication is based on asymmetric encryption and commonly relies on Public Key Infrastructure (PKI) and a Certificate Authority (CA) as a trusted third party. The number of encryption keys that an embedded device needs to manage grows with the number of devices with which it connects, potentially straining embedded devices with limited resources.

[Data available in full report.]

Key Findings

  • Internet connectivity is not yet ubiquitous. About one-third of recent embedded projects are intended for hardwired local area connections where authentication is not required.
  • Among recent embedded systems that use passwords for human-to-machine authentication, one quarter of them store passwords in plain text, although more than half use salted hash techniques to secure their passwords.
  • USB security tokens are the most common form of multi-factor human-to-machine authentication.
  • About three-fifths of embedded OEMs use Public Key Infrastructure for their machine-to-machine authentication.
  • Open source encryption key and certificate management software is used by more embedded OEMs than commercial solutions.

Ideas & Insights

Authentication is a critical aspect of security for connected devices, yet the process is fraught with potential weak points. For human-to-machine authentication, a password is usually the weak point, or more specifically, a human that chooses and must remember the password is the weak point. Given the security risks that increase exponentially with the number of devices connected, VDC sees it as inevitable that multi-channel and multi-factor authentication will replace passwords alone as the standard for H2M. This shift has already occurred in many high-risk systems, such as banking and finance, and is growing in general business applications. But the largest volume opportunity is for commercial solutions in the consumer IoT market. Multi-channel passwords are generally palatable to consumers, but multi-factor solutions are an open question.

It remains to be seen is whether consumers can be convinced en masse of the need to adopt true multi-factor solutions, such as low-cost hardware tokens (e.g. Yubico's YubiKey) or biometrics for day-to-day device access. A portion of consumers are bound to lose tokens or other physical authentication devices, necessitating a means (temporarily at least) to bypass them, which in itself constitutes a potential security hole. And many consumers perceive biometrics to be somewhat creepy, due to concerns about potential theft of their most personal attributes. A number of vendors, such as Keypasco and Delfigo Security, are developing solutions (currently targeted at mobile phones and tablets) that are easier to use than tokens or even biometrics. We anticipate more of these types of solutions to make their way into the embedded device market.

For machine-to-machine authentication, the solutions largely exist already, with several caveats. First, encryption key management will become more critical as the number of devices in an IoT system increases. Many embedded devices won't have sufficient resources to handle the task, including key revocation and purging of keys otherwise no longer being used. To better handle key management, the IoT expands opportunity for Authentication-as-a-Service.

Second, the existing PKI system relies on trusted Certificate Authorities. Although breaches of CAs have been rare and small-scale thus far, large scale breaches of those CAs could undermine the entire current PKI system.

And third, the National Security Agency (NSA) and other entities are actively developing quantum computers, which could someday crack the public key cryptography technology widely used for authentication by being able to derive a private key from its matching public key. Even the threat of that could produce a huge surge of research and investment in quantum-resistant cryptography, such as NTRU.

Table of Contents

Executive Summary

  • Key Findings

Authentication: Identifier vs. Gatekeeper

Authenticating People

  • Exhibit 1: Machine-to-machine authentication more prevalent than human-to-machine for embedded devices
  • Exhibit 2: Locations of password storage among embedded devices with human-to-machine authentication
  • Exhibit 3: Formats for storing/encrypting passwords for embedded devices
  • Exhibit 4: Methods implemented for multi-factor and multi-channel human-to-machine authentication in embedded devices
  • Exhibit 5: Biometrics implemented in multi-factor human-to-machine authentication in embedded devices

Authenticating Machines

  • Exhibit 6: Asymmetric encryption algorithms used for authentication
  • Exhibit 7: Use of Public Key Infrastructure for M2M authentication
  • Exhibit 8: Certificate authorities used by organization for PKI
  • Exhibit 9: Encryption key/certificate management software

Ideas & Insights

Back to Top