September 8, 2017

Automated PKI is the foundation for IoT Security

Internet of Things (IoT) brings new security challenges introduced by the scale and pace of adoption, as well as the physical consequences of compromised security. The recent DDoS attacks carried out by a Botnet of thousands of machines infected with the Mirai Malware was just the beginning of what we’re going to see in the future. Already, we were introduced to Persirai, a more advanced version of Mirai has more aggressive features which exploit passwords, regardless of password strength.

The question on everyone’s mind is… What’s going to happen next? And more importantly, how can we protect ourselves and our organizations from disastrous consequences? After all, prevention is far better than cure.

The weakest link in the IoT chain is the edge device. Experts have already identified that Device Trust (Identity, Integrity) and Data Trust (Security, Privacy) are the key problems that impede IoT adoption. Another big challenge in IoT is the scale at which we need to deliver the trust layers without human intervention. Analysts and tech firms estimate that some 50 billion to 200 billion devices could be connected to the Internet by 2020.  IoT has already become a breeding ground for malicious surveillance attacks, and this will continue to grow with the number of devices introduced. Thus, security and authentication need to be top priorities for organizations. But how can we establish trust across connected devices on such a massive scale?

There are three big problems to solve:

  • How can we manage weak credentials at IoT Scale?
  • How are we going to deliver trust to IoT ecosystem without human intervention?
  • How do we address operational challenges across asset classes at IoT Scale?

The good news is that we have proven technologies like PKI (Public Key Infrastructure) that have solved identity, authentication, integrity and privacy problems in the internet/cloud world for a long time. The standards based PKI certificates, technologies, and products have been securing the devices, data, connections between servers for years, and it seems like a natural fit. On the other hand, looking at it from the skeptic’s angle, anybody engaged with PKI solutions knows the complexity of adopting PKI at IoT scale particularly for headless devices with no User Interface.

Device Authority KeyScaler™ solves PKI automation, weak credential and policy-driven crypto challenges without human intervention at IoT Scale.

  • The PKI Signature+ authentication – KeyScaler™ platform simplifies the automated PKI provisioning and authentication for robust IoT device identity. The solution accommodates constrained low-power devices.
  • Automated Authentication and Crypto key rotation – For stronger security achieved through frequent key rotation
  • Automated Password Management – Automatically set and manage local account passwords on devices, and rotate as
per policy applied with the ability to restrict access to device passwords for privileged individuals only.

Automated PKI is essential and is the only option available to deliver the device and data trust required for securing the IoT. Device Authority has demonstrated these capabilities for AWS IoT customers. AWS IoT customers can leverage KeyScaler’s private certificate signing to solve device provisioning and credential management problems through the AWS Marketplace.

Rao Cherukuri