‘Biometric’ security for smart devices could stop cyber-attacks

Press Office

New security technology that could stop cyber-attacks and protect the privacy of billions of smart device users worldwide could soon be available as a result of a partnership between the University of Kent and University of Essex.

Numerous high-profile organisations have recently fallen victim to cyber criminals who have deliberately infiltrated their computer networks and introduced viruses, with devastating consequences.

The route in is often through internet-connected smart devices that are insecure. The process of connecting these devices, allowing them to talk to each other and us, is known as the Internet of Things (IoT), but their insecurity can mean organisations are vulnerable to attack and individuals at risk of being spied on.

Now researchers at the University of Kent’s School of Engineering and Digital Arts (EDA), working alongside academics at the University of Essex, are developing an encryption technology, called ICMetrics, which could stop the attackers in their tracks.

It uses the unique set of identifiers in each device – both the software and the hardware – to validate the credentials of in-coming messages from another source. This is similar to biometrics technologies that use the unique identifying characteristics of a person to allow access to a device or account.

If incorporated into IoT devices it should make it impossible for other devices to trick an IoT device into sending it data, thereby reducing privacy concerns and reducing the risk of cyber-attacks.

Additionally, as the technology would be built in to the device there would be no requirement for users to do anything to secure their devices.

The Mirai botnet attack of October 2016 took advantage of the fact many IoT devices are insecure because users rarely change the default security settings. This allowed the Mirai botnet to infect millions of devices and then overwhelm internet services with Distributed Denial of Service (DDoS) requests.

The ICMetrics systems could prevent such attacks and bring much needed security to the billions of IoT devices in use globally.

The technology is being developed as part of the Security and Privacy for the Internet of Things (SPIRIT) research project, headed by the University of Kent, working with the University of Essex, the University of La Rochelle and the University of Geneva.

It is being funded by the Engineering and Physical Sciences Research Council (EPSRC) through the CHRIST-ERA European funding programme.

Kent and Essex are two of the three partners in the Eastern Eastern Academic Research Consortium (Eastern ARC).