Blog post

Securing A Touchless Society

By Barika Pace | July 28, 2020 | 0 Comments

Introduction

By 2023, 50% of all major business applications will include at least one type of no-touch experience, such as voice, augmented reality, or virtual reality.

 

COVID-19 has acted as a catalyst for the era of AI-powered no-touch interfaces, which include

  • Open-air gesture control and three-dimensional interfaces,
  • Biometrics,
  • IOT,
  • Virtual reality,
  • Brain-computer interfaces,
  • Augmented reality, and
  • Virtual personal assistants.

Touch-less interfaces present new attack vectors and thus increase security risks and lead to a higher dependence in AI. Product leaders will need to increase their focus on privacy and security controls to combat the collection of ever-larger amounts of personal data in a cyber-physical world. However, the greatest threat to product leaders’ touch-less product ambitions might be the risk to their product development cycles. Product leaders must increase their efforts to protect training models, especially those that can have real cyber-physical consequences, including threats to people and the environment.

Recommendations

As part of their long-term strategies, products leaders must prioritize the investments below technologies to prepare for short term impacts a changing society:

Embedded trust: Embedded trust delivers a hardware root of trust (e.g., Trusted Platform Module), which is frequently a requirement to secure end-point functions. Examples of these include device virtualization, firmware, operating systems, and execution environments. Such vendor products offer protection from scale able software-based threats and are useful in defending against physically invasive attacks. Providers like Thales, Keyfactor, Entrust Datacard, and Allergo offer embedded trust solutions.

Homomorphic encryption: Homomorphic encryption is a cryptographic method that enables third parties to process encrypted data and return an encrypted result to the data owner while providing no knowledge about the data or the result. Note that fully homomorphic encryption isn’t quick enough for most applications at this time, but some vendors offer partial homomorphic encryption. Providers like Duality Technologies, IBM, ShieldIO, and Ethereum are vendors that readers can research further.

Decentralized identity: Digital identity and data-sharing challenges create numerous privacy concerns. Decentralized identity enables privacy-enhanced verifiable identity data exchanges online. It also leverages technologies such as blockchain or other distributed ledger technologies to decentralize an identity system by distributing it across a large number of nodes or participants. Relevant providers include Microsoft, NuID, SecureKey, and Sovrin Alliance.

Cyber-physical system security (CPSS) solutions enable secure management of  increasingly interconnected environments, growing out of IOT and OT security. The goal of CPSS is to secure engineered systems that orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans) and enable a safe, real-time, deception, secure, reliable, resilient and adaptable performance.  Product managers must develop and demonstrate security features that, while helping mitigate threats, ensure privacy, guarantee safety, availability, reliability, and resilience. Sample providers include SCADA Fence, Nozomi, Cisco (CyberVision), Bayshore, Microsoft Azure Sphere, Claroty, Dragos,  Forescout, 802 Secure, Armis, Indegy, Radiflow Tenable.  Verve, IoActive, Otorio  and PAS.

GPS anti-jamming and anti-spoofing This technology includes jamming and spoofing detection sensors, hardware and software. Signal-jamming solutions need to be fully automated to be effective, whether “kill” type jammers or “return home” systems.  Sample providers: InfiniDome and Orolia

Online-fraud detection (OFD)

In a touch less society, online fraud detection is expanding beyond traditional use cases, and market overlap with identity proofing and authentication is growing. OFD tools normally enable real-time monitoring, and may be focused on detection alone, or also on mitigation, once fraudulent activity is suspected. Capabilities may include solutions to provide behavior analytics, bot detection, fraud scoring, integration with social media analytics tools, and event monitoring. Representative vendors include: Amazon Fraud Detector,  SHIELD Enterprise, BioCatch, Cleafy, and Callsign.

Recommended Reading

Cool Vendors in Cyber-Physical Systems Security

Product Manager Insight: The Emergence of the Product Security Officer

Emerging Technologies and Trends Impact Radar: Security

Comments are closed