Authentication In The IoT Age

The FIDO Alliance is working to move beyond insecure passwords with biometric identifiers.


We all know passwords are a problem. We have too many of them to remember, but too many of them are reused to make them secure. No surprise that they are the root cause of the vast majority of data breaches. Fortunately, clever minds are working at ways to replace them and they have come together to create the FIDO (Fast IDentity Online) Alliance.

The FIDO Alliance was created in 2013 to define standardized mechanisms for individuals to authenticate with biometrics systems (fingerprint and iris scanners and voice and facial recognition) for internet applications. It has been very successful and has attracted the support of many leading industry players: from cloud services providers and system-on-chip vendors to device manufacturers, payment companies and applications developers.

As the internet evolves towards the support of multiple connected devices in what is known as the internet-of-things (IoT), it brings with it new challenges. Devices need to authenticate with applications without the support of human operators. They need to establish their credentials toward applications in local networks and in cloud environments. They need to be routed toward their management systems and the applications that will use the data that they generate.

Throughout 2018 and 2019 key industry players recognized the need to standardize the protocols that IoT devices would use to onboard upon power-up with their management applications. At the same time, the FIDO Alliance includes representatives from the required participants to successfully define these protocols. In the value chain from IoT devices to cloud applications, all the key actors are represented within the FIDO Alliance.

In May 2019 the FIDO Alliance created the IoT Technical Working Group. Its mission is to evaluate the use cases for onboarding, authentication and binding of IoT devices to cloud applications. It includes representatives from companies such as Amazon Web Services, Google, Alibaba, Microsoft, Intel, Arm, Qualcomm, Visa, Mastercard and several others. When the use cases are finalized, this group will define the protocols that bind devices to the applications.

Some of the benefits of moving on from passwords

Imagination Technologies develops products that process the data and the metadata that is generated by IoT, and AIoT devices and systems. To trust the outcome of that processing, it is fundamental to have data that is trustworthy and can be accurately tied to the IoT devices whose behavior is to be modeled. Without the assurance that the data really comes from the IoT devices targeted, it is impossible to have confidence in the behavior models generated by the graphics processors and the neural network accelerators.

Imagination Technologies believes that device authentication and binding protocols should be based on industry-wide international standards. Device identity should also be based on formats that are defined in international standards. By using standards, several objectives are achieved:

  1. Peer review and validation of proposed formats and protocols to achieve robust security in the ecosystem.
  2. Development of a layered-based approach for the authentication and binding of devices, applicable across all IoT markets.
  3. Enablement of horizontal services for the authentication and binding of devices in the IoT industries.

By working within the framework of the FIDO Alliance, Imagination Technologies believes that it can contribute to the development of the IoT marketplace. The FIDO Alliance can bring significant progress toward the dynamic rollout and management of large ecosystems of devices. It can build architectures and systems for the IoT marketplace that will enable equivalent levels of easy rollout of devices than in the consumer internet.

Leave a Reply

(Note: This name will be displayed publicly)