In my previous posts, I explained digital certificates, PKIs and secure elements. If you remember, once you have a digital certificate issued by a Certificate Authority with keys stored in a secure element, you have a verifiable identity in an IoT device. This enables a number of features that provide a much greater level of security:
- Secure access control. With a unique verifiable identity you can determine what level of access to grant to that device. In addition, you can now deny access to anyone who does not have a proper certificate – no cert, no way. In addition, if you find out a certificate has been somehow compromised, because it is unique and identifiable, you can revoke its access privileges and that certificate will no longer be granted access.
- Mutual Authentication. In the days before IoT and autonomous networked devices, the device didn’t need to be authenticated, just the servers. You wanted to make sure that the website you were logging into was actually a bank and not some bogus phishing site. The bank authenticated your identity through your login and password. With IoT, the device needs to be authenticated and the device also needs to authenticate the server it is talking to. With digital certificates and secure elements, this is now practical.
- Secure Over-the-Air (OTA) Update. The problem with many devices today is that they will accept software updates from anyone. Remember, you want a device to only accept software that is verified and comes from a trusted server. The certificates allow the device to prove it should receive an update and which one, and the cryptography in the secure element allows the device to verify the server as well as the signed code.
As you can see, combined with digital certificates, PKI enables a trusted environment for robust identity protection by authenticating the identity of a device and assuring the integrity of that device.
Want to know more about IoT security? Don’t forget to subscribe to our blog and stay tuned for our cybersecurity predictions for 2018 during cybersecurity month.
For those whose business is connecting people, places and devices, Kyrio is the trusted and secure source for everything networkable. As a subsidiary of CableLabs, Kyrio is the most experienced and comprehensive security provider in the market. If you have any questions about IoT security, contact us today to find out how we can help you secure your entire ecosystem and provide trusted connectivity for your products.