The burgeoning internet of things is a great idea but it won’t really take off without some serious breakthroughs in security, said Dan Kaufman, director of the Information Innovation Office at the Defense Advanced Research Projects Agency (DARPA), at our Structure conference in San Francisco on Thursday.
Kaufman, who was joined on stage by CloudFlare’s CEO Matthew Prince, pointed out that the PC industry was unusual in that customers pay thousands of dollars for products that are broken from the start – you buy a new machine and the first thing you have to do is patch it – and this model won’t fly when you’re dealing with smart homes and so on.
“If we don’t have a fundamentally new security model, then I don’t know how we’re going to enjoy the internet of things,” Kaufman said. “Patch Tuesday for your car or your insulin pump doesn’t make a whole lot of sense.”
That said, DARPA is working on it. Kaufman noted that the defense research agency is trying to build an unhackable operating system, and it’s starting with the real-time operating systems that power embedded systems, such as those that will underpin the internet of things.
Kaufman also gave an interesting update regarding DARPA’s work on so-called homomorphic encryption. Usually, encrypted data needs to be decrypted at some point so that people or systems can do stuff with it; in the homomorphic encryption model, the data stays encrypted the whole time, even when it’s being put to use. This makes the hacker’s job much harder.
The problem with this technique is that, while it’s possible, it’s much slower than computing on unencrypted data – 10 or more orders of magnitude slower. Kaufman said DARPA has now “knocked it down to about five orders of magnitude,” which sounds like significant progress.