How Longview™ built out their triple-layer security framework and secured their device supply chain
| CUSTOMER PROFILE | |
|---|---|
| INDUSTRY | IoT Technology for Industrial Asset Management |
| CUSTOMER VERTICALS | Startup firm targeting construction, oil & gas, healthcare, real estate, smart cities, higher education, utilities |
| GLOBALSIGN SOLUTION | IoT Identity Platform, Private CA, Public CA, IoT Edge Enroll |
At a Glance
PROBLEM
Carnegie/Longview sought a reliable, established security partner that could deliver secure, scalable and innovative solutions to help build-out their new IoT asset management technology.
SOLUTION
GlobalSign’s IoT Identity Platform provided the framework on which Longview’s triple-layer security could be built, managed and supported. GlobalSign leveraged our partner relationships to bring SRAM PUF innovator, Intrinsic ID onboard allowing Longview to build a comprehensive security solution security from sensors to applications.
Challenge
Carnegie Technologies delivers end-to-end IoT solutions, pre-configured for various industries and designed to work right out of the box. Carnegie Technologies’ Longview IoT was purposefully developed as a full set of IoT technologies to provide their customers with a single, secure, and optimized IoT solution to monitor and manage industrial assets.
We have made IoT security the utmost priority with Longview throughout the entire solution, from our sensors to the cloud, and into the field. Working with GlobalSign and their partner Intrinsic ID ensures that businesses and users are protected by best-in-class technologies at every point in the system, ensuring that our solution is secure and future proof for enterprises of any size.
Brad Bush, Managing Director of Internet of ThingsAs a startup employing LoRaWAN network architecture on AWS services, Longview was uniquely positioned to employ best practices when it came to incorporating security into their software development process. Longview considered security issues from the onset to ensure they were baked into their solution, not bolted-on as an afterthought. Their triple-layer security framework, built from the ground up with integrated security, is a complete IoT solution and a key selling feature.
Their challenge was finding the right partner with a suitable IoT security platform to build out their triple-layer security framework and secure their device supply chain. They sought a scalable, automated platform that would minimize manual management of CA and RA services. They were looking for an easy-to-use API that would lessen the integration burden on their development team. They wanted in-field sensor identification agility and they needed a flexible company that could collaborate to deliver a comprehensive solution.
Solution Requirements
- Scalable certificate provisioning to future proof growth.
- Private and Public CA and RA services with automated provisioning.
- Ability to provision device certificates during manufacturing (Birth Certificates).
- Ability to identify in-field sensors.
- Easy and fast integration.
Solution
Longview’s triple-layer security framework consists of LoRaWAN’s native 128-bit encryption, SRAM PUF technology for device specific key generation, and Certificate Authority (CA) backed certificate provisioning to protect each device in the supply chain as well as the data transmitted on the network. LoRa technology secures the LPWAN network.
GlobalSign collaborated with Intrinsic ID to secure individual sensors using SRAM PUF technology with unique identities. Longview partnered with GlobalSign for certificate provisioning at the gateway and protected data transmission.
PUF technology (Physical Unclonable Function) allows generation of device-specific keys based on minuscule anomalies of each semiconductor, similar to a human fingerprint, to uniquely identify each of Longview’s sensors.
To secure the supply chain of the Longview gateway and sensor devices (manufactured by an EMS) during manufacturing and through deployment, digital certificates were needed. The Longview Private CA set up by GlobalSign allows them to issue IDevID certificates (aka Birth certificates or shelf certificates) for each IoT gateway device at the EMS manufacturer’s facility. Longview uses GlobalSign’s IoT Edge Enroll integration on our IoT Identity Platform to manage their Private CA and encrypt data communication.
IoT Edge Enroll delivers Identity Lifecycle Management to Longview, enabling secure connectivity to their AWS cloud.
- For gateway birth certificate provisioning at the point of EMS manufacture (IDevIDs).
- For automated local certificate provisioning during gateway deployment (LDevIDs).
- To renew local certificates (device identity management).
What’s Achieved?
- Optimized Longview’s security development and integration by using the IoT Edge Enroll RESTful API, saving unnecessary development costs and reducing time to market.
- Automated certificate provisioning streamlined the private CA and RA functions, reducing internal management costs.
- In-field device identity enrollment allows any existing asset to be tracked and monitored.
- Secured the supply chain from device build/manufacturing through to in-field deployment/operation.
GlobalSign protects and secures your personal information, View GlobalSign Privacy Policy