'Physical dimension' of net raises security concerns

As the use of technologies such as RFID increases, more everyday objects become connected to computing infrastructure, potentially leading to security issues

The use of technologies such as RFID will force a rethink of how IT security is implemented, because the adoption of such devices will mean the internet takes on a "physical dimension" rather than just living inside PCs, according to Ari Juels, chief scientist and director of RSA Labs.

As the cost of RFID tags comes down and take-up increases, more and more everyday objects will be connected to computing infrastructure, potentially leading to new security issues.

"This is interesting because it means the internet is acquiring a physical dimension. We will have to think differently about the implementation of security in everyday life," Juels told ZDNet UK's sister site, silicon.com.

Juels said healthcare is one place where in the next few years we could see the "physical and logical convergence" accelerate rapidly.

As a result, privacy — such as around patient data and medical records — will be of vital importance and the security of such tags and data is something that the labs are looking into, according to Juels.

Cloud computing is also on the labs' radar. "The traditional enterprise model is the enterprise has physical control of the storage infrastructure and the mindset is one of basic trust. In the cloud model that changes; you don't know where the box is or even in which jurisdiction. This physical dislocation creates some new and interesting security challenges," Juels said.

One of these is knowing the data an organisation has stored in the cloud is still there, he added: "If you've got it on tape you know where it is. If you back up to the cloud you have no idea where it is sitting or even on what media."

One option would be to download all cloud-held data regularly — a move likely to cause network congestion. RSA Labs is now working on technology to check the veracity of data without downloading it all. Juels said the check could be done by downloading tens of bytes rather than gigabytes.
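The article does not describe how RSA Labs' check works. As an added illustration only (not RSA Labs' scheme or code), the sketch below shows one simple way a data owner can audit remote storage while downloading only a 32-byte answer: before upload, the owner precomputes single-use challenges over randomly sampled blocks. All function names, the block size and the sample data are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

BLOCK = 4096  # assumed block size for this sketch


def _digest(nonce: bytes, data: bytes, sample: int) -> bytes:
    """Hash `sample` nonce-selected blocks of `data`, bound to the nonce."""
    nblocks = max(1, -(-len(data) // BLOCK))  # ceiling division
    h = hashlib.sha256(nonce)
    for i in range(sample):
        # Both sides derive the same block indices from the nonce.
        seed = hashlib.sha256(nonce + i.to_bytes(4, "big")).digest()
        idx = int.from_bytes(seed[:8], "big") % nblocks
        h.update(idx.to_bytes(8, "big"))
        h.update(data[idx * BLOCK:(idx + 1) * BLOCK])
    return h.digest()


def prepare_audits(data: bytes, count: int, sample: int) -> list:
    """Owner, before upload: precompute one-time (nonce, expected) pairs."""
    audits = []
    for _ in range(count):
        nonce = secrets.token_bytes(16)
        audits.append((nonce, _digest(nonce, data, sample)))
    return audits


def provider_respond(stored: bytes, nonce: bytes, sample: int) -> bytes:
    """Provider: must read the challenged blocks; the answer is 32 bytes."""
    return _digest(nonce, stored, sample)


def audit(audits: list, respond) -> bool:
    """Spend one precomputed challenge and compare in constant time."""
    nonce, expected = audits.pop()
    return hmac.compare_digest(expected, respond(nonce))


if __name__ == "__main__":
    original = bytes(range(256)) * 16 * 64   # constructed sample: 64 blocks
    audits = prepare_audits(original, count=2, sample=8)
    wiped = bytes(len(original))             # constructed case: data lost
    print(audit(audits, lambda n: provider_respond(original, n, 8)))
    print(audit(audits, lambda n: provider_respond(wiped, n, 8)))
```

Each audit sends a 16-byte nonce and receives 32 bytes back, and each precomputed pair can be used only once. Sampling makes detection probabilistic: if a fraction f of blocks is damaged and c blocks are sampled, an audit catches it with probability 1 - (1 - f)^c.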

Another area the labs are researching is the use of mobile phones for authentication. Many people are reluctant to carry tokens for authentication, Juels said, so the labs are working on technologies to allow the Wi-Fi in a mobile-phone handset to be used to transmit a passcode directly to a PC to authenticate the user or transaction. Because the user does not have to type in the passcode, it can be much longer, potentially making the security better.

With mobile phones such as the iPhone now coming equipped with sensors such as accelerometers and touchscreens, these technologies offer new ways of authenticating users, such as using the accelerometer to measure an individual's walking style or gait, which can then be used to authenticate them.

And if all this sounds a bit outlandish, Juels has just published his first novel which takes even bigger steps into the world of technology possibilities, featuring cryptography and the cult of Pythagoras among its themes.

"Fiction is a good way of exploring possibilities that might seem outlandish in a straight-laced research environment," Juels said.