Internet of Things (IoT)

Securing the IoT at Scale: How PKI Can Help

The Internet of Things (IoT) is everywhere. These connected devices now work in medical settings, automotive vehicles, industrial and manufacturing control systems, and more.

Unfortunately, security in IoT devices has lagged behind their production, and the time has come for manufacturers to face this challenge head-on. Specifically, manufacturers need a scalable solution to address concerns like authentication, data encryption, and the integrity of firmware on connected devices. Together, these efforts will help ensure manufacturers not only deliver secure products to market but that those devices stay secure throughout their lifetime.

Realizing these security goals requires introducing a public key infrastructure (PKI) strategy for strong authentication in a cost-effective, lightweight, and scalable way.

Risks Abound in the IoT: Why We Need Better Security, Now

IoT security has not matched the pace of innovation for these connected devices. For example, manufacturers often ship devices with default passwords or shared cryptographic keys, which puts every single device at risk based on a single hacking event.

The most common security risks in the IoT today center around weak identity and authentication. These risks include:

  • Weak authentication: The use of weak default credentials allows hackers to access devices at scale and deploy malware.
  • Hard-coded credentials: Hardcoding passwords or keys into software or firmware and then embedding those credentials in plain text into source code simplifies access for developers, but it does the same for everyone else.
  • Shared and unprotected keys: Instances of symmetric (rather than asymmetric) encryption, as well as issues properly storing and provisioning encryption keys (even asymmetric ones), makes it easy to compromise devices. Secure storage becomes especially challenging at scale.
  • Weak encryption: The use of weak algorithms results in encryption that’s easily penetrated. This challenge stems from the fact that lightweight IoT devices with limited power struggle to generate enough entropy for random number generation.
  • Unsigned firmware: Code signing verifies the authenticity and integrity of code, but many IoT devices don’t check for a signature, making them vulnerable to malicious firmware updates.

PKI to the Rescue: 6 Ways PKI Supports IoT Device Security

Despite all these challenges, achieving security in the IoT is well within reach. It all starts with a sound strategy centered around PKI. Digging deeper, PKI can support IoT device security in six critical ways:

  • Unique identities: Using certificates introduces a cryptographically verifiable identity into each device for secure network access and code execution. Importantly, these certificates can be updated or revoked at the individual level.
  • Open and flexible standard: PKI is an open standard with flexible options for roots of trust, certificate enrollment, and certificate revocation, supporting a variety of use cases.
  • High scalability: Issuing unique certificates from a single trusted Certificate Authority (CA) makes it easy for devices to authenticate one another without a centralized server.
  • Robust security: A well-managed PKI program offers the strongest authentication, as cryptographic keys are far more secure than methods like passwords and tokens.
  • Minimal footprint: Asymmetric keys have a small footprint that makes them ideal for IoT devices with low computational power and memory.
  • Proven and tested: PKI is a proven and time-tested approach that experts recognize as a practical and scalable solution for strong security against a variety of attacks.

Are They Different? PKI for Product Security vs. Enterprise PKI

Importantly, while the approach required to fit within complex hardware supply chains and IoT device lifecycles may look different from the enterprise PKI companies have used for years, the fundamentals of PKI remain consistent and best-in-class PKI software solutions can handle both use cases:

  • Scalability and availability: The volume and velocity of certificate issuance is much higher in the IoT than it is in enterprise deployments (think thousands per hour). As a result, PKI components like issuing CAs and validation infrastructure must meet higher availability and performance levels, which simply defines the speed and network bandwidth of the machines running the PKI software.
  • Private key generation and storage: Since IoT devices typically live in places that are publicly accessible (unlike enterprise web servers), manufacturers need a way to protect the private keys stored on these devices for authentication. This typically requires generating private keys within a secure hardware component so that they never get exposed outside the device. The same PKI software handles Certificate Signing Requests wherever they can from IoT devices or enterprise IT.
  • Certificate policy: Certificate policy is always important and adhering to the policy can be as critical in the IoT as in a complex enterprise network given the disparate ecosystem. Fortunately, these policies are always documented in standards and made available as templates in the best PKI solutions.
  • Lifecycle management: Much like in enterprise or factory networks, lifecycle planning is also important in the IoT given how long devices will live in the field. Manufacturers must understand how identities will be provisioned and updated over time as devices live in the world, and they need response plans for algorithm degradation or a compromised root of trust.
  • PKI infrastructure: Both enterprise and IoT PKI may be hosted on-premise, in the cloud, or in any variation of the former and latter depending on budget, corporate policies, interfacing to factories, and already available IT infrastructure. Both follow the same recommendations: securely hosted HSMs serving an offline root CA with issuing CAs securely hosted and protected by proxies when they need to interface with distant machines over the internet.
  • Access management: Both enterprise and IoT PKI must be administered by a very small team with strong rules in place to log and keep track of any action and change in certificate policies. Best-in-class PKI solutions offer role-based interfaces, capable of clustering usage and isolating between different business units and projects, allowing to mutualize costs of PKI software license and hardware infrastructure if needed.

Despite all these challenges, achieving security in the IoT is well within reach. It all starts with a sound strategy centered around PKI. Digging deeper, PKI can support IoT device security in six critical ways.

Moving Forward: Top Recommendations for IoT Security

Ultimately, the manufacturers that can provide strong, unique identities for their IoT devices – and do so at scale – will deliver better protected, differentiated products to market. Achieving that goal starts with these top recommendations for IoT device security:

  • Incorporate trusted device identities and provisioning: Use unique digital certificates for every device for more granular management and tracking. Importantly, each of these certificates should tie to an established root of trust with a strong CA hierarchy.
  • Manage on-device key generation: Document use cases for on-device key generation to define Certificate Policy and Certificate Practice Statements (CP/CPS). Drafting CP/CPS is optional, but it offers high assurance through greater policy enforcement.
  • Consider offline/limited connectivity devices: Enable devices within the same trust chain to authenticate even without an internet connection so that they can continue to receive regular maintenance and updates.
  • Support mutual authentication: Require authentication to restrict access to trusted users and systems. Digital certificates allow for mutual authentication between two entities that share a root of trust for more secure data exchanges on open networks.
  • Ensure secure boot and code signing: Program devices to only permit execution of code with a verified signature. Adding a secure boot also protects devices by ensuring they only start or install updates once they’ve been signed by a known, trusted authority.
  • Incorporate crypto-agility and lifecycle management: Introduce the ability to quickly re-issue or revoke certificates from active devices, as static systems are inherently insecure. Consider cases like certificate expiration, ownership changes, and algorithm degradation, all of which require devices to receive cryptographic updates to remain secure.

Need Help Delivering Secure IoT Products to Market?

If you’re ready to face the IoT security challenge head-on, you’ve come to the right place. Download the complete white paper on the value of PKI for IoT to discover what it takes and learn how Keyfactor Control and EJBCA  Enterprise can help manufacturers bring secure IoT devices to market at scale.

The 2022 State of Machine Identity Management Report

Get actionable insights from 1,200+ IT and security professionals on the next frontier for IAM strategy — machine identities.

Read the Report →