IoT — PKI — Automation — The Unbreakable Bond

Pradeep Saminathan
Oct 1, 2020


What is IoT PKI?

Today, there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, the rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.

Safe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and has not been altered. If one cannot trust the IoT devices and the data, there is no point in collecting it, running analytics, and executing decisions based on the information collected.

Secure adoption of IoT requires:

  • Enabling mutual authentication between connected devices and applications
  • Maintaining the integrity and confidentiality of the data collected by devices
  • Ensuring the legitimacy and integrity of the software downloaded to devices
  • Preserving the privacy of sensitive data in light of stricter security regulations

How Can You Secure IoT Devices with PKI?

There are a lot of connected devices out there. That may seem like an obvious statement given that everyone seems to be walking around with a mobile phone, tablet, computer, and wireless headset. But what about all the devices that aren’t entertainment-based? I’m thinking about all the connected vehicles, medical devices, routers, smart locks, thermostats, wearables — this list never seems to end.

In fact, Gartner predicts there will be 25 billion connected “things” by 2021.* With that kind of ubiquity, one key question arises: How are they secured?

As the IoT landscape and security requirements evolve, device manufacturers need a cost-effective and scalable solution to secure IoT devices from increasing threats and regulations. We’ve compiled a list from a recent whitepaper that shows how public key infrastructure (PKI) can help your teams build with security in mind from the beginning.

Where Does PKI Fit into IoT Security?

Before we get to our top ways to secure IoT devices, let’s break down some advantages of using PKI for your IoT security needs. With all the connected devices coming online, we need a way to identify them. In the next two years, 42% of IoT devices will rely primarily on digital certificates for identification and authentication. In fact, the rapid growth of digital certificates can be largely attributed to the critical use cases that IoT manufacturers require: device identity, authentication, and encryption. However, without a proper way to issue and manage the millions of certificates across IoT deployments, scalability will be challenging.

This is where PKI comes into the picture.

Public key infrastructure is a framework composed of hardware, software, policies, and procedures to help create, manage, distribute, and update these digital certificates over time. For decades, PKI has served as the backbone of Internet security, and now it’s emerging as a flexible and scalable solution uniquely capable of addressing the data and device security needs of the IoT.

Let’s see how.

Ways to Secure IoT Devices with PKI

  • Use Unique Identities: By embedding a cryptographically verifiable identity into each device, you can enable secure network access and code execution throughout the device lifecycle. These certificates can also be customized based on manufacturer policy and updated or revoked on a per-device basis.
  • Define and Set Security Standards: PKI’s open standard allows you to define a system cryptographically, with flexible options for trusted roots, revocation, and standard protocols for certificate enrollment and deployment — such as REST API, SCEP, and EST.
  • Scale Security as Your ‘Things’ Grow: Using asymmetric encryption means that all certificates can be issued from a single trusted Certificate Authority that is tightly controlled. This disconnected verification model allows devices and applications to authenticate to one another without the need for a centralized server or agent-based software.
  • Maintain Robust Security: When digital certificates are issued from a well-managed PKI, they offer much stronger protection than other authentication methods. IoT devices can also utilize secure hardware elements for cryptographic key storage and employ validity periods that far exceed the usable lifetime of passwords or tokens.
  • Secure with a Minimal Footprint: A major advantage of using PKI is that it allows manufacturers to implement safeguards with a minimal footprint on the device. Even devices with low computational power and memory can still use asymmetric keys. Elliptic Curve Cryptography (ECC) is quickly becoming the algorithm of choice for IoT, using smaller key sizes ideal for networked devices and sensors.
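
The unique-identity, disconnected-verification and ECC points above in code, as an added example that is not from the original article or from any vendor's product: one demo CA issues a P-256 certificate per device, and a verifier holding only the root certificate authenticates it with no online lookup. The CA name, device name, serial numbers and the `issue` and `VerifyOffline` helpers are constructed for illustration; in a real deployment the device key would be generated inside the device's secure element and only a signing request would leave it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a new P-256 key and a certificate for cn (demo helper): a self-signed CA if parent is nil.
func issue(cn string, serial int64, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil { // root CA: allowed to sign certificates, no client-auth usage
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		return nil, nil, err
	}
	c, err := x509.ParseCertificate(der)
	return c, key, err
}

// VerifyOffline validates dev against the pinned root only; no CA server is contacted.
func VerifyOffline(root, dev *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := dev.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	root, rootKey, err := issue("Demo IoT Root CA", 1, nil, nil)
	if err != nil {
		panic(err)
	}
	dev, _, err := issue("sensor-0001.example.test", 2, root, rootKey) // constructed device name
	fmt.Println("issued:", err == nil, "accepted offline:", err == nil && VerifyOffline(root, dev) == nil)
}
```

A certificate carrying the same common name but signed by any other CA fails `VerifyOffline`, because the verifier trusts only the pinned root.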

How Does Automation Play an Important Role with IoT PKI?

Some estimate that 50 billion devices will be IoT-connected by 2020. We previously discussed the broad concepts of IoT, but here we focus specifically on IoT in the world of automation.

The primary drive for automation IoT is to significantly reduce operating expenditures when automation devices, sensors, and actuators become Internet-enabled devices. It’s the next huge leap in productivity because there are major advantages to be derived from the acquisition and organization of previously unthinkable amounts of data. New Enterprise Manufacturing Intelligence software (EMI) brings manufacturing-related data together from many sources for reporting, analysis, visual summaries, and passing data between enterprise-level and plant-floor systems.

With the increasing use of Fieldbus within control networks and the spread of software intelligence, some think that IoT is already emerging in the industry. But, the progress that’s occurred is just a small fraction of what can and will happen over the next decade. The inflection point will occur when literally everything is connected with inexpensive and easy-to-install wireless networks.

Industrial IoT must be self-organizing, self-configuring, self-healing, scalable to large sizes, with very low energy consumption, low cost, simple to install, and based on global standards. That’s a tall order, which current automation network standards simply cannot meet. In my opinion, with the spread of IoT, the ZigBee over IEEE 802.15.4 standard, currently languishing with minimal market share, will emerge to mainstream prominence.

In order for the market to really take off, several key technology hurdles will need to be addressed: truly ubiquitous device communications standards and new software architecture to support massively peer-to-peer, complex event-driven data management. The present-day lack of interoperability with distributed, real-time device data remains a huge hurdle.

AppViewX, a platform combining both PKI and automation capabilities, makes PKI automation for IoT devices easy. A standard example is a use case that AppViewX delivered to one of its largest IoT vendors.

The AppViewX Platform helps enterprise IT manage and automate the entire lifecycle of their internal and external PKI. Our Certificate Lifecycle Management and Automation Solution provides extensive visibility into the certificate and encryption key infrastructure, which helps protect the enterprise from threats to the business. Application, network and security engineers may self-service and initiate automation workflows that deliver compliance and true business agility.

How Did We Make the Customer’s Life Easy?

Having a CA that issues a certificate in less than 400 ms would be a dream for most of the largest PKI enterprises. But to automate against such a high-performance system, the automation tool we use should also be capable of processing the huge volume of information.

With AppViewX acting as the PKI management and automation platform, all the user needs to provide is the common name and any specific certificate parameters, in a CSV or whatever file format the user prefers. Once the input file is obtained from the user, the automation job can easily be triggered. It takes care of creating the certificates and sending them back to the user or PKI team in any format they require.

With the world moving faster with IoT, PKI for security and automation to keep up with the speed will be the next revolution in the industry.
