Blog   |   March 11, 2020
Axiado's Innovative Authentication Solution
by Axel Kloth
Authentication services and establishing a zero-trust environment for digital devices have their weaknesses. Axiado is developing products to remedy those weaknesses.
Let’s face it, very few people are in danger of having their Fitbit hacked while they wait to order a latte in Starbucks. The problems we face today are much bigger.
If a water dam has a controller, and that controller is accessible on the internet, it usually is not well-secured, even with a username and password. A hacker could easily access that controller and open the floodgates, putting communities at risk. I believe we owe it to ourselves to make that communication secure so it can't be breached.
The biggest digital security problems facing the world are in the industrial and government arenas. Axiado’s technology will first target those areas, also known as the Industrial Internet of Things (IIoT).
Depending on who you talk to, estimates put between 20 and 30 percent of network attacks as focused on getting through the corporate firewall. That leaves 70 to 80 percent occurring behind the firewall. Those attacks may be initiated by several methods, but they all come from either contractors or employees who:
have been deliberately inserted into the workforce;
have been turned by a malefactor to initiate an attack; or
have unwittingly brought in a seemingly innocuous device that plants malware.
A 2015 study conducted by a team from the University of Illinois Urbana-Champaign showed that people picked up almost 50 percent of discarded USB drives they found on the ground and plugged them into their computer. Even if a device is wiped clean immediately, there is still enough time for malware on the device to make itself at home in a user’s system and infect the network as soon as the user’s computer connects to it.
But random USB sticks are just part of the problem. The IIoT has lots of devices that connect directly to networks. Cameras, sensors, telephones and proprietary handheld devices, as well as typical computers, all can be the “patient zero” of an infection. Each device needs to be able to authenticate itself both in front of and behind the corporate firewall.
Companies like Intrinsic ID are working on technology to authenticate individual devices, and they have been successful in getting their technology into 200 million devices worldwide so far. A Gartner report estimates there will be between 20.4 billion and 31 billion devices in operation by year’s end, and trends suggest an estimated 75 billion devices by 2025.
The problem of authentication and establishing trust within any network cannot be solved one device at a time. The solution needs to be more pervasive.
To that end, Axiado is developing an aggregation system that sits at the customer’s edge and a firewall processor that sits either at the customer’s edge or on their cloud, protecting the network. The system creates individual keys and employs a unique ID to pinpoint the kind of processor in each device, along with the processor family and the serial number. As devices are removed from and added to the system, it creates unique IDs for the devices that cannot be faked.
Let’s look at another real-world example to show how this system would work. As I have mentioned previously, the satellites currently orbiting Earth are vulnerable to any hacker with an uplink and basic coding skills. By the end of the year, SpaceX plans to deploy more than 1,500 of the 50 kg satellites in low Earth orbit in relatively close proximity to each other. If a rogue nation, or someone with malicious intent, manages to crash two of those satellites into each other, the debris field will be so large and fast that even an extremely small fragment of either satellite will be capable of damaging and bringing down almost everything in its path.
Axiado’s system utilizes security processors on both the satellites and uplink ends, so communication between the ground station, ground control, and the satellites will be secured and fully authenticated.