Legrand is a global specialist in electrical and digital building infrastructures. Its comprehensive offering of solutions for use in commercial, industrial, and residential markets makes it a benchmark for customers worldwide. Innovation for a steady flow of new products with high added value is a prime vector for growth, including, in particular, connected devices stemming from Legrand’s global Eliot (Electricity and IoT) program.
The Challenge
Several major commercial builders approached Legrand with challenges they were facing in the market. Labor costs were climbing and moving to a wirelessly controlled lighting system would save time and money by vastly simplifying the installation process. A wireless system would allow their technicians to finish more jobs in less time to improve efficiency and profitability. Wireless systems have a problem however: network security. Many of Legrand’s clients are in data sensitive industries, such as finance and healthcare, that require strong access control for their networks. How could Legrand reconcile the need for simplifying installation with the need for strong IoT security?
Legrand has seen this story unfold countless times. As one of the leading providers of switches, light bulbs, and other electrical components, they serve the professionals who are responsible for determining what electrical components go into construction projects. The problem enterprises have with wireless lighting and other IoT components is always the same—security.
As the Senior Systems Architect at Legrand, North and Central America, Jonathan Cartrette has spent much of his career in IoT thinking about security. Four years ago, he saw how one HVAC company used Public Key Infrastructure (PKI) technology to verify and authenticate their devices. Although this PKI solution provided a rigorous level of trust required by security system administrators, the problem of how this technology could be affordably scaled to billions of smaller IoT devices still remained.
Jonathan sought out many vendors and presented them with his challenge: develop authentication for IoT in a way that is scalable and inexpensive.
The Solution
Jonathan kept running up against countless barriers in implementing his wireless lighting solution that met the stringent security standards demanded by customers. After four years, eleven vendors, and even one full-time consultant trying to solve the problem, he found Kyrio.
Kyrio is a wholly-owned subsidiary of CableLabs, a 30-year-old consortium of more than 60 major cable operators from all over the globe. Cable operators have relied on PKI to authenticate their hardware for decades and provide over-the-air (OTA) updates using the same technology. Because of this background, Kyrio is uniquely positioned to setup and implement PKI technology for hardware companies operating in a multi-vendor ecosystem such as Legrand.
Kyrio’s partnership with Microchip allowed for pre-provisioned keys and certificates to be loaded into secure elements at the time of Legrand’s manufacturing process. The implementation of PKI and digital certificates in a small device had been simplified to a single line item on a bill of manufacturing (BOM) when ordering components, demonstrating Kyrio’s commitment to streamlining implementation for hardware manufacturers.
Next, utilizing Kyrio’s fully-custom PKI solution, Legrand was able to create more certificates according to their customers’ unique needs. For example, a light switch that could conceivably be on the wall for decades can have a corresponding certificate for that timeframe, whereas technicians and installers may only need a certificate that lasts for days or weeks. With a properly designed PKI, vastly different elements can still authenticate into the same Legrand PKI ecosystem. These possibilities can all be accommodated with a Kyrio managed PKI and its ecosystem partners.
“The electrical industry has the highest density of control points and data points, the lowest capability for setup, and is the least monetizable industry. If the owner of the products wants to have more diverse certificate strategies after installation, then there are lots of ways to do that, but whatever method they choose matters because of how the PKI protected the initial setup,” according to Jonathan. If Kyrio can provide a scalable, verifiable and economical solution for the electrical industry, imagine the implications for all IoT devices.
PKI Technology
PKIs are the gold standard in security for device manufacturers operating at scale. With older technologies such as symmetric keys, securing millions (or even billions) of devices becomes messy and unmanageable. When encryption and one-way-authentication aren’t enough, adding a digital certificate is a great way for device manufacturers to keep their customers and products secure. The above graphic shows a typical PKI hierarchy as a best practice for how certificates are managed and issued.
Key Benefits of Kyrio’s Custom PKI Offering:
- Kyrio Knows Hardware: Kyrio specializes in working with hardware companies at the manufacturing stage to ensure a painless integration of PKI into the production of IoT products.
- RA & MA Experience: Kyrio acts as both a Registration Authority (RA) and a Management Authority (MA) for the Open Connectivity Foundation.
- Unmatched Services: Setting up and implementing PKI at scale is no small task. Kyrio’s team of security experts represents the industry’s brightest minds to solve each customer’s unique PKI implementation.
The Outcome
Because Legrand was able to verify devices with auditable procedures backing up their certificates, security administrators at commercial building companies were comfortable permitting these devices on their networks, which allowed wireless lighting projects to proceed.
The Future
Using Kyrio’s offerings, Legrand and other IoT device manufacturers can now sell solutions into corporations, hospitals, financial institutions, and government facilities knowing they will meet rigorous security standards.
“Kyrio understands both hardware and massive scale operation. Thanks to Kyrio’s security expertise, Legrand was able to roll out a custom security solution that solved the problems previously solved for set top boxes with economics and logistics-fit updated for wiring devices and lights.”
– Jonathan Cartrette, Legrand, North & Central America