recommended reading

NIST Testing out Passwordless Smart Home

technology.

technology. // Thinkstock

The federal government wants consumers to abandon passwords, even for smart home appliances that collect large amounts of personal data.

As part of a new pilot, the National Institute for Standards and Technology awarded a $1.86 million grant to a tech company claiming it can devise a security system that protects individuals' data in the "Internet of Things," but also saves consumers from "password fatigue" (having to manage several increasingly complex codes to access their own systems). 

Tozny, a subsidiary of tech company Galois, aims to test one system that encrypts user data generated by the "smart home," and another that would let transit riders use their mobile phones as tickets, Galois principal investigator Isaac Potoczny-Jones said in a blog post outlining more details about the project. 

The NIST pilot, through an initiative called the "National Strategy for Trusted Identities in Cyberspace," focuses on these two applications. But NIST has recently been drafting broader standards for tech companies creating products for the "Internet of Things": In September, it released a Draft Framework for Cyber-Physical Systems, essentially a guide teaching device manufacturers how to build safer devices. 

The company already has a smart-home security pilot in apartments in Portland, Oregon, and San Francisco. Its app allows users to control and monitor their lights, energy use, and home security from anywhere using their smartphone. Tozny plans to collaborate with mobile payment company GlobeSherpa on the transit ticketing project. 

NIST isn't the only federal group thinking beyond the password.

At a conference last week, the Defense Department's Deputy Chief Information Officer for Cybersecurity Richard Hale told an audience "replayable" access keys such as passwords, which can be used more than once, could make the physical assets in the Internet of Things more vulnerable to intruders.

The Pentagon has worked to "basically get rid of things like passwords and move to credentials" for access to virtual networks, he said.

"The Internet of Things is going to need the same thing . . . We have to drive out passwords," Hale added. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.