Security-by-design isn’t a new concept: It’s the idea of addressing security concerns, considerations and best practices as early as possible in the IoT product, application or network development to minimize vulnerabilities downstream. It’s meant to establish device identity and protect data integrity and the privacy of communication so that IoT users (devices, people, systems and networks) can confidently operate without fear of compromise or attack.
For an IoT device, most security-by-design practitioners would consider the potential dangers of their device from the point-of-manufacture, into deployment and throughout its lifecycle. Which, to be fair, is an admirable achievement - and one savvy IoT device developers are using to distinguish their products from the ordinary IoT devices and products on the market. But what if security could start earlier, even before device assembly, at the device-component level? Or better yet, at the very beginning of a supply chain at the chip level?
Securing the identity of an integrated circuit – a chip – with a digital certificate backed by a PKI-based IoT Certificate Authority - would create a purpose-built IoT identity chain that starts at the point-of-origin. It would not only secure IoT devices throughout their lifetimes, but before they are actually assembled or deployed - thus providing a means to secure their supply chains from third-party electronics manufacturing services (EMS). This offers the ability to protect against the use of non-approved components or overproduction of grey market devices slipping into use.
That would ensure the ultimate achievement in security-by-design and provide a means to secure an IoT device literally from chip to cloud. And that is what GlobalSign and our partner Big Good Intelligent Systems deliver.
Purpose-built IoT Chip Identities
Purpose-built IoT chip identities are what GlobalSign and our Taiwan-based partner Big Good Intelligent Systems Inc. (a subsidiary of Big Good Holdings) provide. Big Good is both a customer and a partner of GlobalSign. As a customer, they use our IoT Identity Platform and IoT Edge Enroll to connect to our CA services and provision certificates for their own line of IoT connected, smart-home devices.
In addition, Big Good also acts as a reseller of our certificates in two ways: First, the company uses our IoT Edge Enroll to provision certificates onto their hardware chip modules, specifically the HVCA Module / ECDH Crypto Chip (secure chip for SSL). Big Good then sells those ‘crypto chips’ to other manufacturers as certificate-embedded chips, ready to be built into products.
Second, Big Good offers a solution called “G-Shield”, their own enrollment server and chip burner hardware (GPW-01) built using GlobalSign’s IoT Identity Platform with IoT Edge Enroll. It sells this to other chip manufacturers who want the ability to securely burn certificates onto their own chips.
The first company planning to implement Big Good’s G-Shield is Realtek Semiconductor Corporation, a global integrated circuit provider for communications networks, computer peripherals and multimedia applications. Realtek Semiconductor is working with GlobalSign and Big Good to research and integrate G-Shield technology into its production process to improve the security of its high-performance connected devices and products. It anticipates that improving its production capabilities with the G-Shield certificate provisioning chip burner will give it a competitive advantage by offering security from the point-of-origin.
Realtek’s products are present on laptops, PCs and tablets worldwide. The company manufactures a wide variety of products, such as network interface controllers, physical layer controllers, network switch controllers, gateway controllers, wireless LAN ICs - as well as High Definition Audio codecs, card reader controllers, clock generators and LCD controllers.
GlobalSign is proud to be part of this very important initiative, as we are continuously working towards the goal of protecting IoT devices via our IoT Identity Platform.
For more details on GlobalSign’s IoT Identity Platform, visit https://www.globalsign.com/en/lp/iot-identity-platform/.