01 Crypto Quantique
Crypto Quantique is quite literally redefining the concept of internet of things (IoT) security by introducing quantum technology. This UK company has developed the world’s first quantum-driven secure chip on silicon. The Crypto Quantique chip can be integrated as part of the development process or retrofitted into any connected device. “It has been developed using the most advanced techniques in cryptography and quantum physics, which means each chip is unique to every device and unclonable,” says company co-founder Shahram Mossayebi. Of course, he won’t say it is unhackable, but it’s certainly as near to it as anything can be. “Today, millions of devices are sent to facilities around the world to have secret keys ‘injected’ into them. Our product completely eliminates this huge cost and security overhead, and establishes a root of trust in a way that nothing else available today can,” explains Dr Mossayebi. Here’s the scientific bit: each chip can generate large numbers of unique and tamper-evident cryptographic keys by harnessing quantum processes in nano-devices. This eliminates that need for secure key storage on the device as the keys can be retrieved on demand. What’s more, this chip is meant to be foundational, so the problem of IoT security being a bolt-on for legacy products could become a thing of the past. “This kills the ‘feature function’ conversation in IoT security,” says Dr Mossayebi.
Karamba has taken a sideways look at IoT security by looking at one of the “things” that we trust to be secure, but often isn’t: the automobile. Yes, that’s right, vehicles are not only increasingly part of the IoT ecosystem, but come with myriad IoT technologies built in. Connected cars are changing what we expect from our vehicles, but as numerous high-profile hacks have exposed, this often comes with insecurity as the factory default. Israeli startup Karamba decided to change this by sealing the electronic control unit, the brains of a connected car, to factory settings that cannot be tampered with. “Karamba Security’s software automatically hardens IoT devices according to factory settings,” David Barzilai, chairman and co-founder explains. “The software is integrated as part of the IoT device software creation process.” So, without requiring any developer co-operation, it automatically extracts factory settings from the device binary code and is embedded seamlessly into the device’s software. “In runtime, when a deviation from factory settings, a cyberattack, is detected then Karamba’s software prevents the attack,” says Mr Barzilai. “IoT devices do not rely on costly, cumbersome-to-deploy updates. Utilising a sub-5 per cent overhead, the software hardens the devices without requiring any hardware or software changes.” Of course, this same technology can work elsewhere and in most IoT infrastructures.
03 Ultimo Digital Technologies
Ultimo Digital Technologies (UDT) is developing a blockchain-enabled ecosystem that aims to trace and authenticate IoT data. The Sydney-based startup has created the Ubique Chain of Things (UCOT) “to disrupt a trillion-dollar global supply chain economy”. By combining the cutting-edge technologies of 5G narrowband telecommunications infrastructure and blockchain to track every step of the supply chain, UDT aims to prevent the sale of counterfeit products. This is of concern to its Chinese backers as fake baby formula milk has become a life-and-death problem in China. As UDT says, UCOT will enable “manufacturers to monitor their products’ journey from the factory floor right into consumers’ hands”. Of course, component and supply chain tracking itself is nothing new, but a system that requires no third-party scanning at any point certainly is. UCOT works by embedding microchip “labels” with their data securely stored in the blockchain. What this means is the data cannot then be forged, so product integrity is maintained. It also means this kind of technology could see UDT become a big player in IoT security as a blockchain-embedded chip within IoT devices would negate the risk of distributed denial of service, or DDoS, attacks that have become prevalent. With no central system vulnerable to attack, the DDoS threat becomes impotent.
Iotic helps make dumb machines smart by creating intelligent digital twins of connected IoT devices and the wider data estate using a cloud-hosted middleware space. Last year, Gartner heralded digital twins as a top-ten strategic technology trend. What they deliver is something often regarded as impossible: IoT security coupled with open interoperability. Imagine different platforms, services, networks and devices securely interrelating with public and private third-party sources. Robin Brattel, Iotic’s chief executive, explains that this patented technology “enables secure programmatic interoperability of data and controls for interactions across organisations, supply chains and silos”. Unsurprisingly, it is garnering support in the high-value manufacturing and construction sectors. “It is the digital twins that interrelate, with actual devices, data sources and equipment never exposed,” says Mr Brattel. “These interactions are securely brokered with granular access control; the source or control is always in charge adaptively choosing when and to whom they are visible.” What this means is that by using an intelligent abstraction layer, Iotic can overcome the well-documented challenges of IoT security that have led to the creation of data siloes and vertical technology stacks that previously limited return on investment. “Our technology is being adopted by market-leading global enterprises to achieve the impossible,” Mr Brattel concludes. These abstracted digital twins become a single source of truth, enabling solutions from simulation models to reality and minimum viable product to scale.
MagicCube co-founder and chief executive Sam Shawki, a former global head of remote payments with Visa, pondered why IoT transactions couldn’t be as secure as your phone. Applications for everything from driverless cars to medical devices face the same fundamental problem: they’re for IoT devices that can’t be secured using legacy technology. He understood that the common methods of securing mobile transactions, such as secure elements, using a programmable SIM or trusted execution environments on the processor itself, offer high degrees of security, but neither are suitable for an IoT security implementation. “IoT devices are more diverse than mobile phones,” Mr Shawki explains. “Most IoT devices don’t have SIM cards or security chips, either for cost reasons, form factor or due to the complexity of hardware security.” This is where MagicCube steps in by virtualising the function of such hardware and creating a virtual vault that can practically reside in any IoT device regardless of its maker. “The disruption will be massive as is always the case when hardware is successfully replaced,” Mr Shawki insists. “Suddenly, securing IoT becomes downloadable, remotely upgradable and instantly deployable.” If MagicCube succeeds in this, it could shake the sector in the same way Netflix did with the video tape rental market. Indeed, IoT security could face the same Kodak moment that happened when a camera became just an app.