Identity Management: The Security First Approach To Smart Cities

Biju Varghese, Group Head - Enterprise Business, eMudhraA techno managerial expert, Biju comes with 20 years of experienece in managing delivery of turnkey projects for large customers across industry segments

Smart cities are no longer a futuristic theory. It’s a practical model that governments today are embracing all over the world. A smartcity is built on the concept of ‘Internet of Things’ which is simply interconnected devices(Street lamps, Traffic lamps, Healthcare, logistics and many others.) that make the city smarter. As human beings, our identities are what makes us unique to each other. The same notion today applies to a smart city. With an estimate of 25 Billion connected devices to surface by 2020, smart city planners today are facing something similar to an identity crisis!

All about connecting things
Until now IoT has been all about connectivity i.e. making one device talk to another. The ways in which IoT devices talk to each other changes from project to project from wifi, 4G LTE, LoRA, and other such communication methodologies but the devices themselves remain relatively dumb. Hackers are getting bolder and more coordinated and this industrialization is putting businesses on the defensive against a growing group of adversaries that steal information for profit. So great were the rewards in our quest for connectivity and communication among devices that we have overlooked in our rush, identifying which devices were communicating with each other from where they originated and with what level of assurance.

Identity a critical component in the quest of making smart cities safe
Digital identity management is about creating a system where connected devices within the network can be verified and authenticated in a foolproof manner. Hackers enter the network through unguarded channels and for the most part connected systems like smart cities collect data, analyze it and implement the commands given without really knowing where the data came from. By granting unique identities to every device within the network, and having a foolproof measure in place to authenticate this identity, the IoT ecosystem becomes a lot less prone
to breaches and attacks and in turn, becomes safer than it is today.

In 2013, the Bowman Avenue Dam in New York was taken over by hacking into the industry standard software used in many connected devices. Public infrastructure will always be the most attractive targets for breaches. A hacker could infiltrate a city’s traffic flow system and turn all the lights red during rush hour, while simultaneously interrupting all the radio stations preventing the drivers from being warned. The entire city could be gridlocked within minutes.

IoT is certainly a space where security will play an increasing role as we evolve. As a result, all devices within a smart city IOT network would need to have identity-based security designed in them from the ground up

When you know which device the command came from or if the source is malicious we can control and have pre emptive strategies in place making sure there aren’t any dire consequences. The smartest cities on the planet among them Sa Songdo in South Korea, Hong Kong and Tokyo are among the most vulnerable, being saturated with IoT devices.

‘PKI’ powering the city of tomorrow
When dealing with complex IoT Ecosystems, it’s all PKI based identity management system in place we can not only enable automated responses in times of better traffic control in peak hours, but rather from various sensors, and other devices are d come from a trusted source.

Envision for example, a crowded city during peak hours with imminent traffic that threatens to slow down thousands of citizens amongst other critical carriers. The use of IoT itself could suffice in automatic traffic control to some extent based on inputs from cameras, sensors, and even citizens themselves. The risk, however, lies in someone compromising the ecosystem to feed malicious content which would only result in further chaos.

That’s where a PKI based identity ecosystem becomes important in an IoT network. It gives that additional layer of protection that could help mitigate the probability of any such scenarios. Maybe not today or even in a year, but it surely will become essential to use PKI in managing device identities sooner or later.

Security a mandate, not an expense There’s always a battle between cost and security in most IT ecosystems. However, recent times have shown us not to compromise on security where it’s required. IoT is certainly a space where security will play an increasng role as we evolve. As a result, all devices within a smart city IoT network would need to have identity-based security designed in them from the ground up.

We all know that IoT can greatly enhance nearly every aspect of city living. It is equally important that every connected device within the smart city infrastructure, be it a car, a street lamp or a motion sensor has a PKI based identity for improved security.

If a device can be identified and such identity can be validated in a trustworthy and foolproof manner, it is that much easier to confirm that the data generated is genuine and can be trusted. This distinction will be crucial in managing access and breaches, ensuring that the ‘Internet of Things’ around us is something that we can rely on with peace of mind.