The National Institute of Standards and Technology (NIST) is an important part of of the U.S. Federal Government’s activities to support science and technology. Of course NIST’s efforts extend to the computing field as well and NIST is a key agency for leading the Federal Government’s activities in evaluating and adopting cutting edge computing techniques. So, of course we were honored when Intertrust’s Chief Technology Officer, Dave Maher, was invited to speak at the NIST Cloud Computing Workshop IX at NIST’s headquarters in Maryland. In addition to his presentation, Maher spoke on panel with representatives from Cisco, Intel, Microsoft and the University of Maryland.
Maher’s talk was entitled “Trust in the Connected World” and focused on trust and security at the intersection of cloud computing and IoT (Internet of Things, also called “cyber-physical systems” by NIST). Maher’s experience in this field is backed up by a long distinguished career at Intertrust and Bell Labs and his work at Intertrust developing systems of trust for genomic data, windfarm data and behavioral advertising data. It is also guided by his personal experience of 8 years spent setting up a home automation system.
One point Maher stressed was that IoT is particularly difficult from a security point of view. For one thing, IoT systems, notably those attached to home networks, are not monolithic but end up being composed of a number of different networks and protocols. On top of this, IoT networks aren’t static; they are dynamic and can change over time. Since the traditional methods of security are focused on maintaining boundaries around computers and networks, “the old methods of security we know don’t work very well,” (Maher).
Maher also stressed that IoT and cloud systems contain data that can be useful when shared but of course we have to be selective with who this data is shared and when. One of Intertrust’s solutions to these very difficult issues is to use techniques the company pioneered though its digital rights management (DRM) work to create “trusted intermediaries.” Said Maher, “DRM techniques designed for entertainment can be modified to protect personal information.” Trusted intermediaries are services run by third parties who have a fiduciary responsibility to protect data while managing it in the best interests of the data’s rights holders.