Think IT security is already devilishly over-complicated to implement? Just wait until you have to worry about securing the real world as well as the virtual.
Use of technologies such as RFID will force a rethink of how IT security is implemented, because the adoption of such devices will mean the Internet takes on a "physical dimension" rather than just living inside PCs, according to Ari Juels, chief scientist and director of RSA Labs.
As the cost of RFID tags comes down and take-up increases, more and more everyday objects will be connected to computing infrastructure--potentially leading to new security issues.
"This is interesting because it means the Internet is acquiring a physical dimension. We will have to think differently about the implementation of security in everyday life," Juels told ZDNet Asia's sister site Silicon.com.
Juels said healthcare is one place where in the next few years we could see the "physical and logical convergence" accelerate rapidly.
As a result, privacy--such as around patient data and medical records--will be of vital importance and the security of such tags and data is something that the labs is looking into, according to Juels.
Cloud computing too is also on the labs' radar: "The traditional enterprise model is the enterprise has physical control of the storage infrastructure and the mindset is one of basic trust. In the cloud model that changes; you don't know where the box is or even in which jurisdiction. This physical dislocation creates some new and interesting security challenges," Juels said.
One of these is knowing the data an organization has stored in the cloud is still there, he added: "If you've got it on tape you know where it is. If you back up to the cloud you have no idea where it is sitting or even on what media."
One option would be to download all cloud-held data regularly--a move likely to cause network congestion. RSA labs is now working on technology to check the veracity of data without downloading it all--Juels said the check could be done by downloading tens of bytes rather than gigabytes.
A third area the labs is researching is the use of mobile phones for authentication. Many people are reluctant to carry tokens for authentication, Juels said, so the labs are working on technologies to allow the Wi-Fi in a mobile phone handset to be used to transmit a passcode directly to a PC to authenticate the user or transaction. As the user doesn't have to type in the passcode this means it can be much longer--potentially making the security better.
With mobile phones such as the iPhone now coming equipped with sensors such as accelerometers and touchscreens, these technologies offer new ways of authenticating users--such as using the accelerometer to measure an individual's walking style or gait which can then be used to authenticate them.
And if all this sounds a bit too outlandish, Juels has just published his first novel which takes even bigger steps into the world of technology possibilities, featuring cryptography and the cult of Pythagoras (who worship numbers) among its themes.
"Fiction is a good way of exploring possibilities that might seem outlandish in a straight-laced research environment," Juels said.
Steve Ranger of Silicon.com reported from London.
Play video
There are currently no comments for this post.