New EJBCA Capabilities Bolster IoT Device Security

IoT devices continue to grow in number and importance in our daily lives, making the need for cybersecurity even more imperative. Every device that connects to a network or other devices is a new attack vector for a bad actor and can be a launch point for a broader attack. As a leader in IoT device security, Keyfactor is proud to announce EJBCA 8.0, which introduces several new features to make securing IoT devices even easier for manufacturers. 

Matter has become the de facto standard for smart home device communication, interoperability, and security. With a security architecture based on certificates and public key infrastructure (PKI), manufacturers now have a blueprint for security and cross-compatibility with other brands.  

EJBCA 8.0 introduces new domain name (DN) attributes that allow product teams to issue Matter-compliant certificates. Now, manufacturers can leverage EJBCA, a powerful and flexible PKI platform, as both a Product Attestation Authority (PAA) and Product Attestation Intermediate (PAI). This makes it possible to issue the initial birth certificates for each device as it rolls off the manufacturing line, known as device attestation certificates (DACs). This ensures that devices meet the standard and are secure from the moment they’re manufactured.    

In PKI, just like in real estate, location matters. EJBCA LRA is a new modular extension of EJBCA Enterprise that can be deployed in the factory, in OT environments, or at the edge, providing manufacturers and industrial operators with a Registration Authority (RA) right next to the production line. The EJBCA LRA is hardware-agnostic, allowing manufacturers even more flexibility with their architecture and hardware choices.  

IoT devices are becoming smaller and smaller. They have less storage and processing power, but still have the same security requirements. EST is a widely used protocol for certificate management utilizing HTTPS. However, the overhead of HTTPS is more than some devices can handle, so a more lightweight protocol was created: Constrained Application Protocol (CoAP). 

The new EJBCA LRA supports the issuance of certificates with EST over CoAP, allowing manufacturers of smaller, resource-constrained IoT devices to be able to leverage the power and scalability of EJBCA to ensure their products have unique, trusted identities. 

EJBCA is the industry standard PKI platform to issue and manage IoT device identities at scale. It offers a flexible architecture and easy extensibility to meet the requirements of even the most complex manufacturing environments. With new features such as Matter support, the Local Registration Authority (LRA), and EST over CoAP, product teams can better leverage EJBCA to gain efficiency and improve the safety and security of their devices.  

To try EJBCA today, start a free trial on AWS or Azure. 

To learn more about more features in EJBCA 8.0, please read the release notes.