GlobalSign Blog

03 May 2016

PKI Scalability in the Internet of Things

With the Internet of Things increasingly likely to represent the next big industry shift in the coming years, technology companies are looking not just at ways of interconnecting smart devices to make our lives easier, but also at achieving that in a secure and privacy-conscious way. As such, hardware vendors and integrators need to meet these criteria:

  • Devices need to be uniquely identifiable remotely. Swarms of similar devices belonging to different customers should only be allowed to use their customer-specific data.
  • Devices need to connect to their respective backend systems in a secure fashion. As the information they relay is often private or sensitive, it needs to be encrypted before it leaves the device.
  • Stolen, lost or compromised devices need to be easily quarantined. Nobody wants to pay the heating bill of the next tenant after vacating a property.
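The three criteria above map directly onto what a per-batch issuing CA and its backend have to do: bind a unique identity and its customer to each device certificate, verify that identity when the device connects, and refuse any device that has been quarantined. The Go program below is an added example written for this post, not GlobalSign's code; the `BatchCA` type, the device and customer names, and the in-memory quarantine list are all constructed for illustration (a production deployment would publish revocations as a CRL or OCSP and would keep the device key in the device's own hardware rather than returning it from `IssueDevice`).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// BatchCA is a hypothetical issuing CA for one hardware batch or revision.
// It illustrates the three requirements above; it is not GlobalSign's platform.
type BatchCA struct {
	cert    *x509.Certificate
	key     *ecdsa.PrivateKey
	revoked map[string]bool // serials of quarantined (lost, stolen, compromised) devices
}

// newKeyAndSerial makes a P-256 key and a positive 127-bit random serial, so that
// uniqueness does not depend on a counter shared across assembly lines.
func newKeyAndSerial() (*ecdsa.PrivateKey, *big.Int, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, nil, err
	}
	return key, serial.Add(serial, big.NewInt(1)), nil
}

// NewBatchCA creates a self-signed CA able to sign device certificates and CRLs.
func NewBatchCA(name string) (*BatchCA, error) {
	key, serial, err := newKeyAndSerial()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &BatchCA{cert: cert, key: key, revoked: map[string]bool{}}, nil
}

// IssueDevice binds one device identity (CN) to its customer (OU) in a client-auth
// certificate. The key is returned only for this demo; on real hardware it never leaves the device.
func (ca *BatchCA) IssueDevice(deviceID, customerID string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, serial, err := newKeyAndSerial()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: deviceID, OrganizationalUnit: []string{customerID}},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(5, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Quarantine marks a device as lost, stolen or compromised.
func (ca *BatchCA) Quarantine(cert *x509.Certificate) { ca.revoked[cert.SerialNumber.String()] = true }

// Authorize is what the backend runs when a device presents its certificate:
// chain validity, quarantine status, and that the device belongs to the claimed customer.
func (ca *BatchCA) Authorize(cert *x509.Certificate, customerID string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("untrusted identity: %w", err)
	}
	if ca.revoked[cert.SerialNumber.String()] {
		return fmt.Errorf("device %s is quarantined", cert.Subject.CommonName)
	}
	if ou := cert.Subject.OrganizationalUnit; len(ou) != 1 || ou[0] != customerID {
		return fmt.Errorf("device %s is not enrolled for %s", cert.Subject.CommonName, customerID)
	}
	return nil
}

func main() {
	ca, _ := NewBatchCA("Revision-A Batch CA (constructed)")
	dev, _, _ := ca.IssueDevice("thermostat-0001", "customer-42") // constructed sample device
	fmt.Println("own customer: ", ca.Authorize(dev, "customer-42"))
	fmt.Println("other tenant: ", ca.Authorize(dev, "customer-7"))
	ca.Quarantine(dev)
	fmt.Println("after theft:  ", ca.Authorize(dev, "customer-42"))
}
```

The tenancy check lives in the certificate rather than in a lookup table so that the backend can enforce it statelessly from the TLS handshake alone; the quarantine set is the one piece of state, which is exactly what a CRL or OCSP responder distributes at scale.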

The Challenge of High Volume Public Key Infrastructure (PKI)

The PKI model traditionally used in the enterprise lends itself very well to these applications, as it can be implemented in a relatively lightweight fashion on different classes of IoT devices. However, the scale of IoT brings a new range of challenges.

The number of identities served by the top five Certificate Authorities (CAs) in the world ranges in the tens of millions and has slowly grown over a long period of time. In contrast, IoT hardware manufacturers often wish to bring to market tens or hundreds of thousands of devices at a time. Multiplying that by several hardware revisions or generations, new and unprecedented scales are reached. Identities must also be delivered to the entire batch of devices before they reach the shelves, at the speed of the assembly line.

GlobalSign London Pave the Way

To meet these demands, GlobalSign has reinvented the way identities are generated and managed, from protocols to storage technologies. A little over a year ago, we set up a SkunkWorks team in the heart of London, built on talent from content delivery, airline, trading, big data and internet security backgrounds, using the best tools for every area of the system. Today we have a geographically distributed platform that is able to create thousands of digital identities each second and manage billions of them.

The first key to the success of this project has been the choice of a programming language, providing a good common denominator to all our engineers, who came from C, C++ and Java backgrounds and had focused on scaling both up and out. We have chosen Go, which thus far has delivered in spades, enabling us to think both ways.

The second component has been the tight coupling of development and operational concerns. Even though at an individual level we prefer not to be jacks of all trades and masters of none, the initial design and planning phase allowed us to pick the best operating system for a database, the best database for specific access patterns and the best frameworks or approaches for gluing everything together. Our software engineers understand the computer and the network intimately, just as our systems engineers are familiar with the anatomy of our software.

We intend to report on our technology journey across several future blog posts, but in the meantime, if you would like to know more about us and our products, or even join us, as we are actively recruiting, follow us here and on LinkedIn, or see our job vacancies on our website.
