Protect IoT Devices and Supply Chains from Emerging Threats
Public Key Infrastructure (PKI) has a proven track record in securing devices and their Internet of Things (IoT) networks. The success of PKI lies in the certificate-authenticated encryption model of PKI itself. Authentication backed by a digital (or PKI) certificate, quite simply, works.
The most common digital certificate in an IoT PKI is the X.509 certificate, which for years has also successfully protected SSL/TLS, the basis of HTTPS, and other applications like digital signatures, code signing, and timestamping. The X.509 certificate is secure, reliable, and flexible, allowing for certificate profile and template customization that adapts to the many different IoT use cases that exist. It is a core component of our IoT Identity Platform solution.
Despite the demonstrated success of X.509 certificates, however, IoT devices connected to the Internet continue to be a rich target for cyber crime. The sheer quantity of devices entering the market and the value that a potential breach could yield lure cyber criminals like candy.
Secure supply chains with device identity
Binding identities to IoT devices during production offers a solid line of defense. Imagine an IoT device company that outsources its production to an electronic manufacturing service (EMS). While most EMS firms are reputable, there is a potential that questionable firms could overproduce units, selling them on the gray market and reducing the value of the original product or brand. But with an identity added during production, the customer is safeguarded from unauthorized network access by gray market devices that do not possess authenticated device identities/certificates. Similarly, if a shipment of IoT devices is stolen during transport, the certificates/identities can be revoked, making the devices useless to would-be resellers or users.
Device identities work equally well for reputable EMS firms that manufacture the same product for multiple customers. Provisioning certificates/identities for each of their customers in trackable batches is a competitive advantage. They can assure their customers that what is sold is secure from the production floor to the customer’s door, while providing a low-friction option for devices to onboard to a platform further down the supply chain.
Emerging device identity (DevID) architectural concepts foster crypto-agility
In response to evolving computational threats, advanced architectural models for certificate protection are emerging that are designed to safeguard identities against supply chain threats while also enabling easier secure coordination between parties in a supply chain.
In addition to X.509 device certificates, we provision IEEE 802.1AR certificates (based on X.509) that employ Initial Device Identifier (IDevID) and Locally Significant Device Identifier (LDevID) certificates as secure device identifiers (DevIDs). An IDevID is typically long-lived, ideally protected by secure hardware, and representative of the device’s core identity, like a birth certificate. An LDevID is a locally significant, access-level certificate that is of shorter duration and provides access into the environment, which could be considered akin to a driver’s license.
This identity architecture is especially useful for solving the bootstrap problems of secure, interoperable IoT device onboarding. Flexible LDevID requirements allow operators to achieve identity and cryptographic agility, which can be used to respond effectively to network threats or to evolving cryptographic threats brought on by the advancement of quantum computing.
The 802.1AR specification is finding traction in IoT ecosystems where critical, high-value connected environments need a secure, agile response to emerging threats. It is a vertical-agnostic architectural identity pattern that we have used with several of our existing customers. It takes careful consideration of the supply chain to implement.
First, we consider where and how the IDevIDs are securely provisioned into the device, component, or chipset, as well as at what stage of the manufacturing process. Next, we consider how to potentially leverage some of the IDevID trust attributes, ideally provisioned securely during manufacturing, for a locally significant, operational LDevID that allows the device to connect to and operate in the IoT ecosystem. These LDevIDs are generally rotated more frequently through the device lifecycle, enabling adjustable access policies throughout the device’s operation.
This IDevID/LDevID pattern is an architectural identity blueprint that PKI is starting to lean on in IoT. Organizations using the IDevID to LDevID architecture can adapt to threats by changing algorithms, trust chains, and security assumptions throughout the device lifecycle, at scale via an automated response. As threats emerge, the DevID architecture can also manage certificate rotation or re-enrollment of access credentials for further protection.
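The enrollment decision behind the IDevID to LDevID pattern can be sketched as a small policy model. This is an added example, not code from the original article or from any vendor platform. The Registrar class, the CA names, the serial numbers and the algorithm labels are hypothetical, and certificate chain validation and proof of key possession are assumed to be handled by the TLS/X.509 layer before this logic runs.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
@dataclass(frozen=True)
class DevID:
    kind: str            # "IDevID" or "LDevID"
    issuer: str          # name of the issuing CA
    serial: str          # device serial number bound into the certificate
    algorithm: str       # algorithm of the certified key
    not_after: datetime

class Registrar:
    """Hypothetical operator-side policy. Chain validation and proof of key
    possession are assumed to be done already by the TLS/X.509 layer."""
    def __init__(self, mfg_cas, manifest, algorithm, lifetime):
        self.mfg_cas = set(mfg_cas)    # trusted manufacturer IDevID CAs
        self.manifest = set(manifest)  # serials provisioned in the customer's batches
        self.revoked = set()           # e.g. a shipment stolen in transit
        self.algorithm = algorithm     # current LDevID algorithm policy
        self.lifetime = lifetime       # LDevIDs are short-lived

    def enroll(self, idevid, now):
        """Return (LDevID, "issued") or (None, reason for refusal)."""
        if idevid.kind != "IDevID" or idevid.issuer not in self.mfg_cas:
            return None, "untrusted issuer"
        if now > idevid.not_after:
            return None, "IDevID expired"
        if idevid.serial not in self.manifest:
            return None, "serial not in provisioned batch"
        if idevid.serial in self.revoked:
            return None, "IDevID revoked"
        return DevID("LDevID", "Example Operator CA", idevid.serial,
                     self.algorithm, now + self.lifetime), "issued"

# Constructed sample data, not taken from any real deployment.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
FOREVER = datetime(9999, 12, 31, 23, 59, 59, tzinfo=timezone.utc)  # long-lived IDevID

def idevid(serial):
    return DevID("IDevID", "Example Mfg IDevID CA", serial, "ECDSA-P256", FOREVER)
def demo():
    reg = Registrar({"Example Mfg IDevID CA"}, {"SN-0001", "SN-0002"},
                    "ECDSA-P256", timedelta(days=30))
    out = {"genuine": reg.enroll(idevid("SN-0001"), NOW),
           "overproduced": reg.enroll(idevid("SN-9999"), NOW)}
    reg.revoked.add("SN-0002")     # shipment reported stolen
    out["stolen"] = reg.enroll(idevid("SN-0002"), NOW)
    reg.algorithm = "ML-DSA-65"    # policy change; the IDevID is untouched
    out["rotated"] = reg.enroll(idevid("SN-0001"), NOW + timedelta(days=29))
    return out
```

Calling demo() shows the overproduced and stolen units refused at enrollment, while the genuine device receives a 30-day LDevID and, after the policy change, a re-enrolled LDevID under the new algorithm with its IDevID unchanged.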