Strong identity for devices tackles hidden costs in IoT security
Developers of Internet of Things (IoT) products know the importance of security to protect personal or industrial data, and typically employ encryption technologies to address that. But with the enormous volume of communication from these products to cloud-based services, a new security challenge has emerged. Cloud service providers are requiring a two-way trust model based on strong identity to ensure that only authorized devices are accessing their services—and they’re considering charging risk premiums for connections made by devices without this capability. Strong identity is a digital certificate based on a non-readable private key that is generated internally in tamper-resistant, secure hardware. By building a strong identity certificate into their devices, IoT developers can address this new security challenge while also improving manufacturing logistics, reducing costs, and improving customer satisfaction.
IoT presents new security challenges
Internet security using keys and certificates for online transactions is well-established. When consumers shop online, for instance, they can confidently submit payment information based on trust that the information is going to the intended site and not a different domain spoofing that website. This is because relevant digital certificates that enable verification of the domains are embedded in web browsers. The browser makers themselves don’t have to interact with every domain owner, but go through Certificate Authorities (CAs) to obtain certificates that will vouch for the website. The website owners then register their domains with the CAs who verify them. This one-way trust model protects consumers so they can interact with websites for e-commerce, banking, etc. with confidence.
The IoT wholly adopts this model, but because the players are now predominantly autonomous objects, there is a critical new element. Just as it is important for consumers to have confidence in the websites they access, it is now equally important for the cloud to know it is receiving data from and sending instructions to the right “Thing.” Many unpleasant hacking scenarios are possible if this trust is absent, from turning off a home’s security system to taking over a car in motion. The trust model now needs to be two-way, or mutual, in order for cloud providers to be confident that they are communicating with the right connected Thing.
The proliferation of IoT products is largely responsible for this shift. Cloud services providers are increasingly in possession of enormous volumes of sensitive data. This makes them increasingly attractive to hackers, and therefore liable to data-breach incidents. Providers are reacting to the enormous volume of communication from IoT devices to their cloud-based services with new requirements for strong identity so the devices can’t be spoofed and cloud providers can restrict traffic only to trusted devices (see Figure 1). This also protects cloud providers’ business models, which rely largely on connection volumes that must be accurately tracked in order to charge for their services. Only strong identities that resist cloning can provide the assurance of accurate tracking and billing. But the shift also protects the IoT OEM. Cloned, substandard devices can damage customer satisfaction and brand equity, and could even be used for denial-of-service attacks on the OEM’s cloud services, making it difficult for customers’ legitimate devices to connect. The two-way trust model has become critical for IoT device developers.
Figure 1: The compromise of any device on the cloud network can allow an adversary to gain access and cause havoc. (Source: Microchip Technology)
Makers of IoT devices need to follow steps similar to those traditional website owners take to establish a chain of trust through an established third party. For websites, a company or person typically only needs to create and register one or a few domains, and the infrastructure to easily achieve this is in place. But IoT devices present a different challenge. Every single device—every smart bulb or connected medical device or industrial machine—must have its identity uniquely registered, and the infrastructure to do this is still in development. This requires the developer to obtain certificates that prove the identity of the device and the cloud application that interacts with it.
Certificates and keys
Security is based on transactions involving keys and certificates. Keys can be generated, but certificates typically need to be created based on a trusted Root Certificate. A certificate proves the identity of a device, an OEM, or a cloud application that interacts with a device and proves that a device belongs on the network and wasn’t cloned during manufacturing. In the IoT, a certificate is the digital artifact that attests to the authenticity of a device and the cloud service that it interacts with. The certificate is signed by a trusted authority, such as a CA, using its private key. A certificate will typically contain the public key of the signer as well as application-related data, such as license or brand information, that helps an application manage device functions and privileges (see Figure 2).
Figure 2: A certificate contains a content section and a signature. (Source: Microchip Technology)
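The content-plus-signature structure described above, and why a cloned device fails the check against the trusted root, shown as an added example that is not from the original article or from Microchip. Textbook RSA over small constructed primes stands in for a real CA signature algorithm, and the names device-0001 and ExampleCo and all keys are assumptions.

```python
import hashlib
import json

# Constructed toy parameters: textbook RSA over Mersenne primes. This is NOT
# secure; it only stands in for the signature algorithm a real CA would use.
E = 65537

def make_key(p, q):
    """Return (n, d): the public modulus and the private exponent."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(content, n):
    """Hash the canonical JSON encoding of the content section into Z_n."""
    blob = json.dumps(content, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def issue(content, signer_n, signer_d):
    """Build a certificate: a content section plus the signer's signature."""
    signature = pow(digest(content, signer_n), signer_d, signer_n)
    return {"content": content, "signature": signature}

def verify(cert, root_n):
    """Accept only if the signature over the content checks against the root."""
    return pow(cert["signature"], E, root_n) == digest(cert["content"], root_n)

ROOT_N, ROOT_D = make_key(2**127 - 1, 2**89 - 1)   # hypothetical root CA
DEVICE_N, _ = make_key(2**107 - 1, 2**61 - 1)      # genuine device key pair
CLONE_N, CLONE_D = make_key(2**31 - 1, 2**19 - 1)  # key the root never endorsed

def demo():
    content = {"subject": "device-0001", "public_key": DEVICE_N,
               "brand": "ExampleCo"}
    genuine = issue(content, ROOT_N, ROOT_D)
    # Clone: same identity claims, but signed with its own unendorsed key.
    clone = issue({**content, "public_key": CLONE_N}, CLONE_N, CLONE_D)
    # Tampering: the genuine signature reused over altered content.
    tampered = {"content": {**content, "public_key": CLONE_N},
                "signature": genuine["signature"]}
    return verify(genuine, ROOT_N), verify(clone, ROOT_N), verify(tampered, ROOT_N)

if __name__ == "__main__":
    print(demo())
```

Only the certificate issued under the root verifies; the clone and the tampered copy are both rejected because neither carries a root signature over its content.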