PerspectiveAn Open Source Effort to Encrypt the Internet of Things
End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. Such encryption ensures that no one—even the app developer or the device manufacturer—can access the user’s data as it travels the web. “But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices?” asks Lili Hay Newman.
End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. Such encryption ensures that no one—even the app developer or the device manufacturer—can access the user’s data as it travels the web. “But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices?” asks Lili Hay Newman. Writing in Wired, she adds:
The Swiss cryptography firm Teserakt is trying just that. Earlier this month at the Real World Crypto conference in New York it introduced E4, a sort of cryptographic implant that IoT manufacturers can integrate into their servers. Today most IoT data is encrypted at some point as it moves across the web, but it’s challenging to keep that protection consistent for the whole ride. E4 would do most of that work behind the scenes, so that whether companies make home routers, industrial control sensors, or web cams, all the data transmitted between the devices and their manufacturers can be encrypted.
Tech companies already rely on web encryption to keep IoT data secure, so it’s not like your big-name fitness tracker is transmitting your health data with no protection. But E4 aims to provide a more comprehensive, open-source approach that’s tailored to the realities of IoT. Carmakers managing dozens of models and hundreds of thousands of vehicles, or an energy company that takes readings from a massive fleet of smart meters, could have more assurance that full encryption protections really extend to every digital layer that data will cross.
