Internet of Things security has been a dominant topic in the industry over the last year, primarily since the demonstrated hacking of smart cars, Wi-Fi Barbies, fridges, thermostats and more. The gaping hole in device security weighs heavily on the minds of manufacturers, providers and resellers.
I've spent the past few months attending several IoT and manufacturing industry events with the aim of learning more about how manufacturers are provisioning device identity into their products and the challenges they have around this today. In that time I've learnt a lot.
The manufacturing industry is always looking to increase efficiency of the production line, whether that's through speed, or accuracy of production. In order to thrive in the manufacturing industry, executives must be able to reduce waste, speed up automated processes and ensure quality remains high.
As an identity provider, we want to be able to help a manufacturer provision device identity and still do all of the above. The difficulty that we face is that there is still a lack of understanding in the industry around how best to manage identities and as such, solutions are not always the best fit for purpose.
Don't be Afraid of The Cloud
When speaking with manufacturers about managing identities in the cloud I was met with a lot of scepticism. What if a cloud service suffers from a network outage and the production line is halted? Is the cloud really safe?
As a result, a lot of manufacturers are asking for an appliance-based solution that can be deployed in house, but this can often be very expensive to develop, test and make tamper-proof. Additionally, there is a cost around maintenance, as this has to be done on site.
But what if you can have your cake and eat it too?
While the GlobalSign certificate management platform is in the cloud and has redundancy, fail-over and disaster recovery built into the platform, we're also able to partner with some great providers who are capable of helping design on-premises fail-over network solutions, which greatly reduce or eliminate the probability of network outages. This means you can benefit from cloud-based value propositions, including:
- We can make fixes to our core services remotely and maintain them without coming to the site.
- You can't have someone physically tamper with the service because it's in the cloud.
- Auditing and record keeping can be maintained safely offsite and requested at any time from GlobalSign.
But is the cloud really secure?
GlobalSign takes security very seriously. In addition to operating the infrastructure under best practices, we are WebTrust compliant. Our certificate management platform does not communicate without encryption. We leverage PKI, certificates and mutual authentication to ensure that only the right people have access to the platform and that they have access to the right places within the platform.
When to Provision Device Identity
While the argument for using device identities to build trust and security into IoT ecosystems is clear, a common sticking point is when to actually provision the device identity, which can happen at several points in the product life-cycle. Identity can be implemented during the manufacturing process, or when the device is turned on for the first time, at a seller's store or in its owner's hands.
There are several pros and cons of both approaches and it's important to decide what is right for the kind of product you are manufacturing and the type of customer you have.
When the Device Wakes Up
Generally, in this scenario, the customer uses their internet connection to access the cloud and install their device identity after the device is turned on for the first time. A benefit to provisioning at wake up is that it eliminates certain manufacturing environment complexities.
One potential problem with this approach is that you are shipping the device without identity, and this in itself could leave devices vulnerable to attack. Shipping a smart connected thermostat without identity places requirements on how you can securely enroll that device into the required cloud services. How will your cloud services ensure that the device being enrolled is a trusted and authentic device, not a pirated clone or malicious node?
Despite some of the trade-offs, this method works particularly well when manufacturing devices such as gateway devices. A gateway device may want to wake up in the field in order to receive and bind information about its customer and ecosystem. As a result, it is sometimes easier to allow the identity to be provisioned at the time of wake up.
By provisioning identity to a device during the manufacturing process, we further decrease the chance of an attack or vulnerability exploit.
The problem here is that it adds time and cost to the production line. It's important here to think long-term: the initial stages might look more costly, but if you are leaving yourself less vulnerable to an attack, you are potentially realizing huge cost savings as a result. For example, FACC, an Austrian airline component maker for Boeing and Airbus, lost $54 million in a cyberattack.
Identity During Manufacturing, Ownership at Wake Up
An alternative solution to the above is to provision the device identity during the manufacturing process, but then let the device provision ownership and authorization when it wakes up. This ensures that inventory management is much easier. With this option it is vital to ensure that identities are being managed in one centralized platform to keep track of devices post-shipping.
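The wake-up step of this flow in Go, added here as an example and not GlobalSign's code: the cloud binds an owner only after the device certificate chains to the manufacturing CA and the device signs a fresh nonce with the certified key. Enroll, Owners, issue, Demo, the CA name and the device ID thermostat-0001 are hypothetical; the PKI is constructed in memory with the standard library, and Ed25519 is chosen for brevity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a key pair and certificate; a nil parent yields a self-signed CA (constructed test PKI).
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		tpl.IsCA, tpl.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

var Owners = map[string]string{} // device ID -> owner, written only after both checks pass

// Enroll is the cloud side at wake-up: verify the factory-issued identity, then bind ownership.
func Enroll(roots *x509.CertPool, dev *x509.Certificate, nonce, sig []byte, owner string) error {
	if _, err := dev.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("not issued by the manufacturing CA: %w", err)
	}
	if pub, ok := dev.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("no proof of possession for %q", dev.Subject.CommonName)
	}
	Owners[dev.Subject.CommonName] = owner
	return nil
}

func Demo() (genuine, clone, copied error) {
	ca, caKey := issue("Example Factory CA", nil, nil)  // manufacturing CA
	dev, devKey := issue("thermostat-0001", ca, caKey)  // identity provisioned on the production line
	fake, fakeKey := issue("thermostat-0001", nil, nil) // clone: same name, not factory-issued
	roots, nonce := x509.NewCertPool(), make([]byte, 32)
	roots.AddCert(ca)
	rand.Read(nonce) // fresh challenge, so an old signature cannot be replayed
	good, bad := ed25519.Sign(devKey, nonce), ed25519.Sign(fakeKey, nonce)
	return Enroll(roots, dev, nonce, good, "alice"), Enroll(roots, fake, nonce, bad, "mallory"), Enroll(roots, dev, nonce, bad, "mallory")
}
func main() { fmt.Println(Demo()) }
```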
Ensuring Device Identity Cannot be Transferred
We sometimes get asked if it is possible to ensure that device identity cannot be transferred. Using a secure hardware module like a TPM with a properly configured PKI environment to issue device identity certificates, you can have some assurances that the identity can't be transferred to another device.
Keeping Products Up-To-Date, Even Before Shipping
In today's fast-paced "agile" software development environment, there is a benefit to loading the LATEST (tested and bug-fixed) firmware onto devices before they go out into the field. Remote firmware upgrades are great and we recommend that they are part of the security design process. However, they can be costly depending on the technical environment of the solution (e.g. the cost of upgrading millions of IoT devices over a cellular network, or the power usage of the firmware updates). Ultimately you also need some core roots of trust established in the solution first, where identity is essential.
If manufacturers are able to pull in the latest production firmware from the cloud, they can do better to ship devices with the latest firmware - another case to be made for smart internet-connected manufacturing.
Why Device Identity and the Cloud Are the Future
When adopting a cloud-based solution for Identity Management, you can save money by eliminating the need for an appliance-based solution, which will inevitably lead to more on-site support and maintenance costs. You can rely on a focused party to maintain and update the cloud services, keep auditing and records safe, ensure devices are shipped with the latest firmware and keep people from tampering with the service.
By provisioning identities, a manufacturer can ensure an even higher quality and more secure product reaches their customers, reducing piracy and fraud and improving both branding and customer trust. The manufacturing process is also sped up because Identity Management happens at high volume through the GlobalSign Cloud Certificate Center.