Making your building smart leads to significant improvements in efficiency, occupant comfort, and performance. But smart technology means more connectivity, and more connectivity means new vulnerabilities.
Cybercrime is expected to cause losses in the realm of $10 trillion annually by 2025, and cyberattacks are becoming more profitable than other criminal activities. In recent years, cybercriminals have successfully attacked tech giants such as Microsoft, WeWork, and Kaseya—but large companies aren’t the only ones at risk. With roughly four out of every ten smart buildings targeted by cyberattacks, commercial property businesses of all sizes must take proper precautions to protect their buildings, their data, and their people. This begins by understanding the importance of user authentication.
User authentication is the process by which users or services are identified when they request access to a system, network, or device. Credentials must be verified to keep unauthorized entities from gaining access to protected data, functions, and sensitive information.
Cybercriminals have become adept at stealing authentication information from users, giving them access to your data and systems. More than 80% of data breaches involve stolen or weak passwords, but more sophisticated ways to gain access to credentials are constantly emerging. User authentication is a highly attractive primary access point for bad actors into smart systems; being authenticated into a network gives the cybercriminals a potentially massive amount of data from a single source. It’s like hitting the jackpot.
The importance of user authentication has led to the development of several authentication methods. These include:
Password-based authentication: The most common form of authentication, passwords are strings of letters, numbers, and/or characters that are input by the user to gain access to a system.
Certificate-based authentication: Operating in a fashion similar to a passport, certificate-based authentication issues a digital certificate to a user that verifies them automatically when they attempt to access systems.
Token-based authentication: With token-based authentication, users input their credentials only once and receive a token—a randomized string of characters—in return. The token functions similarly to a car key and grants them repeated access to the system as opposed to having to continually input credentials.
Two-factor and multi-factor authentication: These methods require two or more independent means of user identification. This may include codes generated from a separate device, CAPTCHA tests, or emails containing a code.
With security being one of the biggest challenges that organizations face in the digital world, choosing a robust user authentication method is essential.
Smart buildings use an array of IoT devices that connect to access points that users and services can reach remotely. This substantial framework requires highly secure protection against hackers, spoofers, and bad actors. This has led many to see cybersecurity as the Achilles heel of smart buildings. But that doesn’t have to be the case, especially when you recognize the importance of user authentication.
Some of the most effective ways to ensure that a smart building is safe from cyberattacks include:
Integration tools and services must prioritize security at every stage. Using an API gateway, for example, offers greater protection because there are fewer points of entry and tokens can be generated to securely interface with the underlying APIs without the need to share passwords or API keys. Integration platforms should offer robust user authentication and permissions management to ensure the right users—and only the right users—have access.
In addition to using standard transport layer security (TLS), mutual TLS (mTLS) authentication allows authentication to occur on both ends using key pairs. mTLS authentication adds another layer of security by protecting against credential stuffing, malicious API requests, phishing, spoofing, and on-path attacks.
JSON Web Tokens (JWTs) are unique security tokens that enable the sharing of information and user identity across secure domains. For example, they are passed to the server when the user calls an API, so that the server can validate the user. This enables the user and the system to interact through a message authentication code, which is typically encrypted and digitally signed for added security. JWTs offer more security than security assertion markup language (SAML) tokens because JSON Web Tokens are less verbose with a smaller encoding size. This makes it easier to sign a JWT's content without creating security holes.
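Added example, not part of the original article or of Buildings IOT's products: a minimal Python version of the server-side check described above, in which an API validates a JWT before trusting the identity it carries. It assumes an HMAC-SHA256 (HS256) signature with a shared key; the key, claim values, and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(claims, key):
    """Issue an HS256-signed JWT (what a gateway would hand back after login)."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url_encode(sign(signing_input, key))

def verify_token(token, key, audience, now=None):
    """Return the claims, or raise ValueError naming the failed check."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm server-side; the token's own header must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(signature, sign(f"{header_b64}.{payload_b64}", key)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:  # a token without an expiry is rejected
        raise ValueError("expired")
    if claims.get("aud") != audience:  # token was minted for a different API
        raise ValueError("wrong audience")
    return claims

def check(token, key, audience, now):  # returns "ok" or the rejection reason
    try:
        verify_token(token, key, audience, now)
        return "ok"
    except ValueError as exc:
        return str(exc)

KEY = b"constructed-demo-key-not-for-production"  # constructed sample key
TOKEN = issue_token({"sub": "operator-17", "aud": "hvac-api", "exp": 2000}, KEY)
```

The signature is verified before any claim is read, and the expiry and audience checks keep a token issued for one building API from being accepted indefinitely or by another service.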
It’s important to note that other security precautions should be used in addition to robust user authentication protocols. VPNs, access control systems, and encryption layers between IoT devices can bolster your smart building, for example. User authentication is simply one piece of a larger system. Authorization rules that limit what an authenticated user can do are also quite important.
The appeal of smart building technology is undeniable, and many are making the switch at a rapid pace. But making your building smart shouldn’t come at the cost of security.
Buildings IOT embraces the unique security requirements of smart buildings and the importance of user authentication and authorization. By building advanced security features into our products, following industry best practices, and offering comprehensive training to clients, we lead the way in secure smart building solutions.
Richard Miller leads Buildings IOT's IT team to deliver managed services to smart buildings from data centers to shopping malls. He writes about cybersecurity for smart building systems, IT/OT collaboration and more.