Gartner recently labeled Internet of Things Authentication as a high benefit in 2020 Gartner Hype Cycle for IAM Technologies. This blog covers your options for Internet of Things Authentication.
Want to read the report? Skip the blog and click Download Report below.
IoT authentication is a model for building trust in the identity of IoT machines and devicesto protectdataand control access wheninformation travelsvia an unsecured network such as the Internet.
Strong IoT authentication is needed so that connected IoTdevices andmachines can be trusted to protect against control commands from unauthorized usersordevices.
Authentication also helps prevent attackers from claiming to be IoT devices in the hope of accessing data on servers such as recorded conversations, images, and other potentially sensitive information.
There are several methods by which we can achieve strong authenticationto secureIoT device communications:
The Internet of Things (IoT) is not just a single technology, but a connected environment of various machines (things) that work together independently without human interaction.
The authorization process is the tool used to validate the identity ofeach endpoint in the IoT system. The certification process is configureduponenrollment entry and informs the service provider of the method to be used when checking the systems identity during registration.
Machine Identity Management aims to build and manage confidence in a machines identity that interacts with other devices, applications, clouds, and gateways.
This may include the authentication and authorization of IoT devices such as:
Each IoTmachineneeds a unique digital identity when connecting to a gateway or a central server to prevent malicious actors from gaining control of the system.This is accomplished through binding an identity to a cryptographic key, unique per IoT device.
Machine identity management approaches are specifically responsible for discovering the credentials used by machines and the management of their life cycle.
IoT devices are often hacked remotely, involving a hacker trying to enter the device using an internet connection. If an IoT device is only allowed to communicate with an authenticated server, any outside attempts to communicate will be ignored.
According to the 2018 Symantec threat report, the number of IoT attacks increased by 600 percent between 2016 and 2017, from 6,000 to 50,000 attacks, respectively.
Therefore, when IoTdevices areimplemented within corporate networks,,security needs to be given much more attention. To address this issue, powerful but efficient cryptography solutions must be used to standardize secure communication between machines.
However, it is a tough decision to choose the right IoT authentication model for the job. Before deciding whicharchitecturemodel is ultimately the best IoT authentication, you need toconsiderseveralfactors, such as energy resources, hardware capacity, financial budgets, security expertise, security requirements, and connectivity.
The X.509 protocol (IETF RFC 5280) provides the most secure digital identity authentication type and is based on the certificate chain of trust model. The use of X.509 certificates as a certification mechanism is an excellent way to scale up production and simplify equipment delivery.
Public key infrastructure (PKI) consists of a tree-like structure of servers and devices that maintain a list of trusted root certificates. Each certificate contains the devices public key and is signed with the CA private key. A unique thumbprint provides a unique identity that can be validated by running a crypto algorithm, such as RSA.
Digital certificates are typically arranged in a chain of certificates in which each certificate is signed by the private key of another trusted certificate, and the chain must return to a globally trusted root certificate. This arrangement establishes a delegated chain of trust from the trusted root certificate authority (CA) to the final entity leaf certificate installed on the device through each intermediate CA.
It requires a lot of management control, but there are many vendor options out there.
However, X.509 certificate lifecycle management can be a challenge due to the logistical complexities involved and comes at a price, adding to the overall solution cost. For this reason, many customers rely on external vendors for certificatesand lifecycle automation.
The Hardware Security Module, or HSM, is used for secure, hardware-based device secret storage and is the safest form of secret storage. Both the X.509 certificate and the SAS token can be stored in the HSM. HSMs may be used with the two attestation mechanisms supported by the provisioning service.
Alternatively, device secrets may also be stored in software (memory) but is a less secure form of storage compared to an HSM.
It is essential to check the devices identity that communicates with the messaging gateway in IoT authentication deployments. The usual method is to generate key pairs for devices that are then used to authenticate and encrypt traffic. However, the disk-based key pairs are susceptible to tampering.
TPMs come ina number ofdifferent forms, including:
While a typical TPM has several cryptographic capabilities, three key features are relevant to IoT authentication:
Device manufacturerscannotalways have full confidence in all entities in their supply chain (for example, offshore assembly plants). Still, theycannotgive up the economic benefits of using low-cost suppliers and facilities. The TPM can be used at various points along the supply chain to verify that the device has not been incorrectly modified.
The TPMhas the capability to storethe keyssecurelyin the tamper-resistant hardware. The keys are generated within the TPM itself and are therefore protected from being retrieved by external programs. Even without harnessing the capabilities of a trusted hardware root and a secure boot, the TPM is just as valuable as a hardware key store. Private keys are protected by hardware and offer much better protection than a software key.
With TPM, you cant roll the key without destroying the identity of the chip and giving it a new one. Its like if you had a clone,yourclone would have the same physical characteristics as you, but theyre a different person in the end. Although the physical chip remains the same, your IoT solution has a new identity.
Some key differences between TPMs and symmetric keys (discussed further below) are as follows:
Symmetric Key Certification is a simple approach to authenticating a device with a Device Provisioning Service instance. This certification method is the Hello World experience for developers who are new to or do not have strict safety requirements. Device attestation using a TPM or an X.509 certificate is more secure and should be used for more stringent safety requirements.
Symmetric key enrollments also provide a great way for legacy devices with limited security features to boot into the cloud via Azure IoT.
The symmetric key attestation with the Device Provisioning Service is carried out using the same security tokens supported by IoT hubs to identify the devices. These security tokens are SAS (Shared Access Signature) tokens.
SAS tokens have a hashed signature created using a symmetric key. The signature shall be recreated by the Device Provisioning Service to verifywhether or notthe security token presented during the certification is authentic.
When the device certifies with an individual enrollment, the device uses the symmetric key defined in the individual enrollment entry to create a hashed signature for the SAS token.
Shared symmetric keys may beless secure than X.509 or TPM certificates because the same key is shared between the device and the cloud, which means that the key needs to be protected in two places.Designers usingsymmetric keyssometimeshardcode the clear (unencrypted) keys on the device, leaving the keys vulnerable, which is not a recommended practice
Properimplementation of IoT authenticationhasmany beneficial effects on IoT security. However, choosing the right method can be challenging, and the wrong choice can increase risks by tenfold.
Some riskscan be mitigated by securely storing the symmetric key on the deviceand following best practices around key storage,Its not impossible, butwhensymmetric keys areused solely,theycan beless secure then HSM, TPM, and X.509 implementations.
In the case of certificates, HSM, TPMs, and X.509applications, the main challenge is to prove possession of the key without revealing the keys private portion.
- Cyber security and the Internet of Things - Lexology - November 16th, 2020
- Save over $6,400 off this Complete InfoSec & Business Continuity Bundle - Neowin - November 16th, 2020
- Official Government Cybersecurity Guidance Offers Six Focus Areas for Banks of All Sizes - Lexology - November 16th, 2020
- Internet Security Audit Market is Expected to Exhibit an Upward Growth Trend Across Widespread Verticals | Affluence - The Think Curiouser - November 16th, 2020
- Internet Of Things Security Market 2020: Global Opportunities, Regional Overview, Top Leaders, Size, Revenue and Forecast up to 2020 2026 - The Daily... - November 16th, 2020
- Internet of Things (IoT) Security Technology Market Size 2020 | Opportunities, Regional Overview, Top Leaders, Revenue and Forecast to 2027 -... - November 16th, 2020
- 6 security shortcomings that COVID-19 exposed - CSO Online - November 16th, 2020
- iboss Named Finalist for Best Network Security Solution in the 2020 ASTORS Homeland Security Awards - PR Web - November 16th, 2020
- Microsoft: Move Away From Phone-based Multi-factor Authentication - TechDecisions - November 16th, 2020
- Global Cable Operator Markets, 2020-2025 by Technology, Residential Services (Wireless, Internet, Entertainment, Security, Home Automation, and IoT... - November 16th, 2020
- Why fintech security must never be an afterthought Wall Street Call - Reported Times - November 16th, 2020
- Global Internet Security Market Share, Quantitative Analysis, Drivers & Restraints, Future Trends and Forecast Research Report 2026 by Global... - November 10th, 2020
- Internet Security Software Market Size, Share, Types, Products, Trends, Growth, Applications and Forecast 2020 to 2027 - TechnoWeekly - November 10th, 2020
- How the Internet of Things Security Infrastructure in India can be improved? - Analytics Insight - November 10th, 2020
- Global Internet of Things Security Market 2025 Potential Scope for Growth in This Pandamic: Check Point Security Software Technologies, Cisco Systems,... - November 10th, 2020
- What is a RAT? How remote access Trojans became a major threat - CSO Online - November 10th, 2020
- China's largest hackathon sees Windows 10, iOS 14, Chrome, and more hacked - TechSpot - November 10th, 2020
- How governments, companies can address evolving needs of increasing tech-savvy Filipinos - Philstar.com - November 10th, 2020
- Global IT Security Market 2020 Growth Potential, Production, Revenue And COVID-19 Impact Analysis 2025 - The Think Curiouser - November 10th, 2020
- Internet of Things (IoT) Security Market Will Generate Massive Revenue In Future A Comprehensive Study On Key Players - TechnoWeekly - November 10th, 2020
- Global Internet Security Market 2020 | Know the Companies List Could Potentially Benefit or Loose out From the Impact of COVID-19 | Top Companies:... - November 8th, 2020
- Misinformation, not vote tampering, is our most critical election threat - SecurityInfoWatch - November 8th, 2020
- Top 7 Ways to Hide Your IP Address in 2021 - Techstory - November 8th, 2020
- Internet Security Software Market Current and Future Trends, Leading Players, Industry Segments and Regional Forecast By 2029 - Eurowire - November 6th, 2020
- Know Your Role: You Are Part of the Security Team - ClearanceJobs - ClearanceJobs - November 6th, 2020
- 'This is how it was all supposed to work': The EI-ISAC readies for Election Day - StateScoop - November 6th, 2020
- Two reasons your Wi-Fi is slow, and how to fix them - CNET - November 6th, 2020
- Keeping Yourself Safe on the Internet at University - TechBullion - November 6th, 2020
- IT Security Spending in Government Market Expected to Flourish By 2025 with Top Key Players- IT Security Spending in Government are: Check Point... - November 6th, 2020
- Arson, water damage: Paper ballots are fragile. But there's a reason we don't vote online - CNET - November 6th, 2020
- Live News Streaming Figures for #Election2020 Highlight Misinformation Threat - Infosecurity Magazine - November 6th, 2020
- Florida Invests in Security Controls Ahead of #Election2020 - Infosecurity Magazine - November 6th, 2020
- How to Organize Employees to Cooperate in Threat Mitigation - Infosecurity Magazine - November 6th, 2020
- The best antivirus protection for Windows 10 in 2020 - CNET - November 2nd, 2020
- Internet Security Firewall Market to Reap Excessive Revenues by 2020-2029 - Eurowire - November 2nd, 2020
- Global Internet Security Market Expected to reach highest CAGR in forecast period :HPE, IBM, Intel, Symantec, AlienVault - TechnoWeekly - November 2nd, 2020
- Poll shows that many feel more vulnerable to online threats during the pandemic - Wiltshire 999s - November 2nd, 2020
- Internet of Things (IoT) Security Market To Witness Significant Growth By 2020-2028 - TechnoWeekly - November 2nd, 2020
- Post-2020 election, Covid vaccine is biggest disinformation threat on the internet: Former Facebook security chief - CNBC - November 2nd, 2020
- Internet of Things (IoT) Security Market Demand (2020-2026) | Covering Products, Financial Information, Developments, Swot Analysis And Strategies |... - November 2nd, 2020
- Career in cybersecurity or ethical hacking: Where to study, starting salary and job interview questions - India Today - November 2nd, 2020
- Internet Of Everything (IoE) Market Status and Trend: Top Key Players, Industry Dynamics, And Regional Scope 2020 - Aerospace Journal - November 2nd, 2020
- Security Pros Have Role in Combatting Disinformation - Infosecurity Magazine - November 2nd, 2020
- How Safe Is the US Election from Hacking? - The New York Review of Books - November 2nd, 2020
- Internet watchdog warns of rise in scammers' activity - New Zealand Herald - November 2nd, 2020
- Homeland Security notified after hackers leak names of local residents who reportedly submitted invalid ballots - iFIBER One News - November 2nd, 2020
- Global Internet of Things Security Market Expected to reach highest CAGR in forecast period :Check Point Security Software Technologies, Cisco... - November 2nd, 2020
- Network Security: Don't Trust And Verify - IT Jungle - October 23rd, 2020
- Akamai Reveals State of Internet: Threats to Retailers - Solutions Review - October 23rd, 2020
- Verisign Reports Third Quarter 2020 Results | Business | The Daily News - Galveston County Daily News - October 23rd, 2020
- Global Internet Security Software Market Analysis, Drivers, Restraints, Opportunities, Threats, Trends, Applications, And Growth Forecast To (2026). -... - October 23rd, 2020
- Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices - GlobeNewswire - October 23rd, 2020
- Cybersecurity and a potential Biden White House: Past tech priorities resurrected - SC Magazine - October 23rd, 2020
- Virgin Media has an important new feature, but switching it on will cost you - Express - October 23rd, 2020
- WISeKey and OpSec Security Partnership Establishes Trust Between Brands and their Customers through Improved Customer Engagement - GlobeNewswire - October 23rd, 2020
- Internet Of Things Iot Security Market Economic Perspective And Forecast To 2027 - PRnews Leader - October 23rd, 2020
- Why cybercriminals have 'Gone Vishing' during the COVID-19 Pandemic - Bdaily - October 23rd, 2020
- Insights on the Digital Security Control Global Market to 2027 - Strategic Recommendations for New Entrants - GlobeNewswire - October 17th, 2020
- More than 25% of Cypriots concerned about internet security - Cyprus Mail - October 17th, 2020
- 5 things you can do to secure your home office without hiring an expert - We Live Security - October 17th, 2020
- Beyond Speed and Reliability: Security Is a New Differentiator - Security Boulevard - October 17th, 2020
- Nationwide and Generali Global Assistance Partner to Enhance Identity Theft Protection - Insurance News Net - October 17th, 2020
- Global Internet of Things (IoT) Security Product Market 2020 Impact of COVID-19, Future Growth Analysis and Challenges | Cisco Systems, Inc, IBM... - October 17th, 2020
- Is BlackBerry (TSX:BB) Stock a Buy on the Latest News? - The Motley Fool Canada - October 17th, 2020
- Global Internet of Things or IoT Security Market to Reach $22 Billion+ Valuation by 2027, Largely Due to Blockchain Adoption - Crowdfund Insider - October 17th, 2020
- Internet Security Market with COVID-19 Recovery Analysis 2020 | Rapid Adoption of BYOD Policy to Boost Market Growth | Technavio - Business Wire - October 8th, 2020
- Tenable and the CIS Enter Partnership to Bolster Cyber Hygiene - AiThority - October 8th, 2020
- How to Build Smart Banks that Connect Customers with Modern DX - AiThority - October 8th, 2020
- #NCSAM: Is Connected Ever Going to be Protected? - Infosecurity Magazine - October 8th, 2020
- Cyber Security Awareness Month is here! - We Live Security - October 2nd, 2020
- Internet security Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - October 2nd, 2020
- Latest Report on Global Internet of Things (IoT) Security Market Analysis, Growth, Opportunity and Regional Insights 2026 - The Daily Chronicle - October 2nd, 2020
- Remarks by Henrietta Fore, UNICEF Executive Director, at Security Council meeting on universal connectivity & access to digital technology in... - October 2nd, 2020
- Lessons learned from firsthand experience on how to avoid internet fraud and other forms of cyberattacks (opinion) - Inside Higher Ed - October 2nd, 2020
- COVID-19 Update: Global Internet Security Audit Market is Expected to Grow at a Healthy CAGR with Top players: Symantec, Intel Security, IBM, Cisco,... - October 2nd, 2020
- Internet Security Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top Players: HPE,... - September 30th, 2020
- How Trusted Internet Connections Is Focusing Telework with TIC 3.0 - FedTech Magazine - September 30th, 2020
- Is your business looking for an extra layer of security - here's why a VPN may be the answer - TechRadar - September 30th, 2020
- A business connected to the cloud needs cloud-ready security, connectivity - Techgoondu - September 30th, 2020
- The 6 key races you haven't heard of that may help decide how we secure our elections - POLITICO - September 30th, 2020