In what anonymity networks are concerned, all discussions revolved so far around Tor, its characteristics, its Dark Web gateway providing quality and its crucial role in tracking criminals in a few famous cases. Now that MIT researchers developed the Riffle network, dedicated to a similar type of anonymity while browsing the World Wide Web, it is worth considering how IoT would benefit from this kind of user invisibility.
Various online sources have associated the perspective of improved, widespread anonymity networks with the much-needed anticipatory solution to IoT vulnerabilities. Why anticipatory? Because full-on IoT is yet to come, and most of the vulnerabilities have been zero-day demoed. The complex, inter-connected threats are only lurking in the future so far, with a few notable exceptions, like the baby monitor hack, the Smart TV hack (by researchers) or the Jeep hack (again demoed).
While some researchers try to improve the impenetrability of connected devices, user hubs and digital communication ways, others bet on enhanced encryption that would make data useless for hackers even when accessed. Nevertheless, besides stealing data, IoT hackers could influence real-life people and their lives. Or just mess with their home, devices and everything that is digitally controlled.
The obvious solution of going invisible
Recently the Guardian Project team unveiled a new technique aimed at applying Tor’s layers on everything that represents a smart home, from gadgets to security cameras. It is a proof-of-concept technique that may well offer hope for all those eager to adopt the benefits of digital connectivity, yet still dreading the cyber-security risks.
This system is however rather complicated to set up, at least from the perspective of a non-professional IoT user. It should take specialized services to ease technology owners into everyday-life embedded privacy, but the authors do state that this alleged hacker-proof invisibility coat is far more secure than the commercial defense systems current smart hubs come with.
Anonymous communication to protect the users’ privacy
This software-engineered privacy idea can easily migrate into all the anonymity networks to come, but for now the concept debuted in connection with Tor. Here you can browse the Tor-based Anonymous Communication Approach to Secure Smart Home Appliances article – and its included data on various IoT-enabled types of attacks, vulnerable entry points and malicious attacks scenarios.
Having an authenticated hidden service would allow users to at least make the hackers’ lives harder, if not to completely eradicate smart technology cyber-risks. Absolute guarantees are hard to provide, since cyber-attackers always managed to find ways of overpowering all cyber-security measures. However, the idea of cloaking entire networks of connected devices looks feasible, the way Guardian Project researchers put it.
Guardian Project director Nathan Freitas explained the immediate commercial use of Tor for IoT privacy like this: “We want to introduce the idea that Tor can be used this way and to advocate that IoT vendors adopt and innovate with it”.
For private individuals and owners of digitally-empowered business the Tor-employing idea may take a secondary place in this paradigm, while the possibility of better protecting their data, technology gadgets, office and home appliances from cyber-attackers through a network that ensures anonymity could take center-stage.
Regardless of the actual tool that would enable this state of facts (see above how Tor’s unique stance is now potentially threatened by MIT’s Riffle), IoT needs a strong security push that would convince current and future adopters that their data and operations are safe within this new digital boundaries.
What would the downsides in using anonymity networks be?
The only guiding thread in this direction consists of the current user experience with Tor.
While attractive due to its privacy promises, the dangers it comprises are not to neglect. Naive users that have ventured into using the anonymity network sometimes tell stories of threats and dangers they met when browsing destinations they wouldn’t have been able to access otherwise, or when accidentally entering crime-dedicated sub-networks.
Here is an informative article on the risks of employing Tor inside a business network – from information theft to reputation damages or aggressive malware. It seems hard to believe that the same tool could be used to protect users from cyber-attacks. Nevertheless it is not the software tool that is culpable of malicious activities per se, as much as the people who take advantage of their enhanced anonymity status in order to perform illegal online activities.
As in all less-restrictive environments, the predictable danger in employing anonymity networks for cloaking and better protecting private connected hubs would consist of not being able to properly control the settings and configuration flaws, in the quality of a private, inexperienced user. The better the alleged protection, the bigger the consequences in case of malfunctions. Whereas the cookie tracking system the Guardian Project presented can provide users with a higher degree of confidentiality and data impenetrability, in the event experimented hackers infiltrate this system, their presence could go on undetected for long periods of time, allowing passive data collection and malicious spreading of their own micro-tools.
The future details on this accessory IoT tool would perhaps clarify whether such risks are considerably diminished or not. So far, the casual IoT users can hope to see this type of tool commercially available, in order to keep at bay random hackers that mess with their privacy and tech connectivity.
