The device identity, in the form of a device certificate that binds the device's public key to its identifier, should be signed by a Certification Authority (CA) that represents the manufacturer or the owner of the device at the time of production, and the certificate together with its private key should be securely stored in the device, with the private key never leaving it. The device certificate can then be used to identify the device to other devices and services: to authenticate the device when setting up a trusted, encrypted communication channel, to let peers encrypt sensitive information for the device, and to digitally sign data so that its origin can be proven.
The device also needs to know who and what it can trust. These trust anchors are embedded in the device as root CA certificates; there may be one or several of them, identifying entities such as authorized management sites, authorized maintenance entities, and the signers of authentic software updates. It is important that these root certificates are stored in the device in a way that prevents modification without proper authorization: whoever can add or replace a root certificate can make the device trust a rogue management site or a malicious software update.
Extra keys may be needed in the device for future use, so the device should be able to generate new key pairs and to enroll for, or download, additional digital certificates. Needless to say, this feature also needs to be secured so that only authorized entities can perform these operations: the new private key should be generated on the device itself, only a certificate request should leave it, and the request should be authenticated, for example with the device's existing production certificate.
Securing the generation and storage of the cryptographic keys used by the CA to digitally sign the device certificates is also very important, since the CAs provide the infrastructure of the whole trust ecosystem. The US National Institute of Standards and Technology (NIST) describes a root of trust as a component that is inherently trusted to perform security-critical functions such as protecting cryptographic keys, performing device authentication, or verifying software. According to NIST, such components must be secure by design and should anchor trust in tamper-resistant hardware. A hardware root of trust effectively creates a barrier between the software on the server and the cryptographic keys, greatly reducing the chances of unauthorized access to the keys. A Hardware Security Module (HSM) offers the highest level of protection for performing the CA's cryptographic operations and storing its keys: the signing key is generated inside the HSM and is not exportable, so a compromise of the CA server does not directly yield the key (it may still let an attacker request signatures, which is why CA operations must also be access-controlled and logged).
Securing management and update sites, software updates, and the use of software:
For IoT devices, it is essential that the devices are configured and managed securely. For devices with an embedded root certificate for the management sites, this is straightforward: when establishing the trusted communication channel, the device verifies that the management site's certificate chains to that embedded root, is currently valid, and is issued for the site it intended to contact (checking the chain alone is not enough, since any certificate issued under the same root would otherwise be accepted). At the same time the management site authenticates the device by its device certificate, giving mutual authentication. The management site can additionally digitally sign the configuration data it sends, and the device verifies the signature against a certificate it trusts before applying the configuration, proving both that the data came from an authorized site and that it was not modified in transit or in storage.
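The exchange described above, together with the on-device key generation and certificate enrollment from the earlier paragraph, as an added Go example that is not part of the original article: it builds a small in-memory PKI with Go's standard crypto/x509 package and plays both sides. The manufacturer CA name (Example IoT Maker Root CA), the management hostname (mgmt.example.invalid), the device identifier (DEV-0001), the fixed serial numbers and the choice of ECDSA P-256 are all assumptions made for the example; a real deployment would keep the root key in an HSM and authorize enrollment requests before signing them.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

const mgmtHost = "mgmt.example.invalid" // hypothetical management-site name
const SiteUsage, DeviceUsage = x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth

type TrustChain struct {
	RootPool   *x509.CertPool // the trust anchor burned into the device at production
	MgmtCert   *x509.Certificate
	MgmtKey    *ecdsa.PrivateKey
	DeviceCert *x509.Certificate
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

func template(cn string, serial int64, ku x509.KeyUsage, eku ...x509.ExtKeyUsage) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, // fixed serials: demo only
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: ku, ExtKeyUsage: eku, BasicConstraintsValid: true,
		IsCA: ku&x509.KeyUsageCertSign != 0, // a CA iff it is allowed to sign certificates
	}
}

// issue signs tmpl for public key pub with signer; self-signed when parent is nil.
func issue(tmpl, parent *x509.Certificate, pub interface{}, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

// BuildTrustChain plays the manufacturer CA at production time; the root key never leaves it.
func BuildTrustChain() *TrustChain {
	rootKey := newKey()
	root := issue(template("Example IoT Maker Root CA", 1, x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature), nil, &rootKey.PublicKey, rootKey)
	tc := &TrustChain{RootPool: x509.NewCertPool(), MgmtKey: newKey()}
	tc.RootPool.AddCert(root)
	mt := template(mgmtHost, 2, x509.KeyUsageDigitalSignature, SiteUsage)
	mt.DNSNames = []string{mgmtHost} // hostname checks ignore the CN, so the site needs a SAN
	tc.MgmtCert = issue(mt, root, &tc.MgmtKey.PublicKey, rootKey)
	// Enrollment: the device generates its key pair and only a CSR leaves it. The CA verifies
	// the CSR's proof-of-possession signature before issuing; authorising who may submit a CSR is not shown.
	devKey := newKey()
	csrDER, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "DEV-0001"}}, devKey)
	check(err)
	csr, err := x509.ParseCertificateRequest(csrDER)
	check(err)
	check(csr.CheckSignature())
	tc.DeviceCert = issue(template(csr.Subject.CommonName, 3, x509.KeyUsageDigitalSignature, DeviceUsage), root, csr.PublicKey, rootKey)
	return tc
}

// VerifyPeer: the presented cert must chain to an embedded root, be valid now, carry the expected EKU and, if host is set, match it.
func VerifyPeer(cert *x509.Certificate, roots *x509.CertPool, host string, eku x509.ExtKeyUsage) error {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{eku}})
	return err
}

// SignConfig is the management site's detached ECDSA/SHA-256 signature over a config blob.
func SignConfig(key *ecdsa.PrivateKey, config []byte) ([]byte, error) {
	d := sha256.Sum256(config)
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}

// VerifyConfig is what the device runs before applying configuration: trusted signer first, then the signature.
func VerifyConfig(signer *x509.Certificate, roots *x509.CertPool, config, sig []byte) error {
	if err := VerifyPeer(signer, roots, mgmtHost, SiteUsage); err != nil {
		return err // untrusted signer: its signature is not even worth checking
	}
	return signer.CheckSignature(x509.ECDSAWithSHA256, config, sig)
}
```

The device side is VerifyPeer with the embedded RootPool, the expected hostname and the server-authentication usage; a certificate that chains to a different root, lacks that usage, or is issued for another hostname is rejected by cert.Verify. The management-site side is the same call with the client-authentication usage and no hostname. VerifyConfig refuses to check a signature from any certificate that fails the peer check, so a signature from a certificate under a different root, or from an attacker's self-made certificate, never reaches the signature verification step.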