Security has seldom been the focus of device manufacturers, who have historically taken their own approaches to securing devices in the IoT. Most devices in enterprise, consumer or industrial IoT continue to be designed and developed to perform specific functions, and security is often neglected in the majority of product development lifecycles. The proprietary protocols these devices operate on are shaped primarily by the purpose they are built to serve and offer very limited or no interoperability. With the increasing convergence of IT and OT towards IoT, the lack of a common operating framework and security principles poses serious challenges for device manufacturers and consumers alike.
We are seeing an explosion of networked and cloud-enabled devices, ranging from home appliances to medical devices to consumer electronics. In this increasingly connected world, creating and maintaining device and user identities and the relationships between the various entities, and ensuring the integrity of devices, has remained a constant challenge for consumers as well as for security leaders. The industry has seen the emergence of several standards from governing bodies and consortiums, but we still lack appropriate mechanisms that define how the identity of things (IDoT) should be defined, standardized and deployed across operating networks and entities. Besides the need to verify identity and establish trust levels for the various entities operating in an IoT environment, such as devices, people, applications, cloud services and/or gateways, there is a need to manage the ‘Identity of Things’ or IDoT throughout the lifecycle of things.
An effective authentication and identity framework for IoT devices should be able to provide appropriate protection against cyber threats throughout the distinct operational life-cycle stages of a device depicted here in the figure:
Authentication for the devices in IoT is different and considerably lighter weight than people authentication methods prevalent today due to the potential resource constraints of devices, the bandwidth of networks they operate within, and the nature of interaction with the devices.
A lack of established industry standards for IoT authentication has led vendors to develop proprietary authentication methods. Since many IoT devices are resource-constrained, with low computing power and storage capacity, existing authentication methods are not good candidates due to their significant bandwidth and computational requirements. There is a growing need to evaluate and streamline the methods adopted for device and service authentication over constrained IoT networks. It is important to analyze and use the factors essential for verifying the identity of ‘things’ to establish the desired level of trust in the device identity without overburdening the fit-for-purpose computing abilities of the IoT device. While there is increased adoption of adaptations of, and deviations from, standard authentication methods such as PKI, OAuth and OIDC to serve the required scope and scale of IoT use-cases, we also see the use of standards from the OMA DM, LWM2M and TR-069 specifications for establishing secure communication between the constrained nodes in IoT networks.
The resource-constrained nature of many IoT endpoints severely limits their ability to sustain prevalent authentication methods, which has further led to the adoption of proprietary authentication methods in the market that do not conform to trust requirements and offer very limited or no interoperability. This is, however, changing rapidly as the industry moves from considering security as an afterthought to including it as part of the system design process. The majority of embedded systems today implement device authentication methods that rely predominantly on a software-based approach. Popular examples include the use of MAC (Message Authentication Code) to enable secure key exchange for device authentication over constrained IoT protocols, as well as light-weight adaptations of PKI and OAuth2 protocols to match the scope and scale of IoT use-cases.
The software implementation of IoT authentication has notable cost and maintenance advantages, but the protection offered by these methods is severely restricted by the security of the embedded OS and the coding practices of the embedded system developer. Largely ineffective against common software-based attacks and physical device tampering, software implementations of IoT authentication methods are known to offer limited or no protection against the next-gen IoT threats that exploit specific IoT device functions such as remote administration, device provisioning and boot sequence.
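As an added illustration (not code from the original article or from any named specification), the following sketch shows one common shape of software-only, MAC-based device authentication: an HMAC-SHA256 challenge-response over a pre-shared key, with single-use nonces and a constant-time comparison. The `Verifier` class, `device_response` function, the `sensor-01` identifier and the key are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets


def device_response(key, device_id, nonce):
    """Device side: a single HMAC-SHA256, no public-key arithmetic."""
    ident = device_id.encode()
    # Length-prefix the identity so identity and nonce bytes cannot be confused.
    msg = bytes([len(ident)]) + ident + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Verifier:
    """Gateway side (hypothetical): per-device keys and outstanding nonces."""

    def __init__(self, device_keys):
        self.device_keys = device_keys   # device_id -> pre-shared key
        self.pending = {}                # device_id -> nonce awaiting a reply

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)  # fresh per attempt
        self.pending[device_id] = nonce
        return nonce

    def verify(self, device_id, tag):
        nonce = self.pending.pop(device_id, None)  # each nonce is single use
        key = self.device_keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = device_response(key, device_id, nonce)
        return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo_challenge_response():
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    gw = Verifier({"sensor-01": key})
    tag = device_response(key, "sensor-01", gw.challenge("sensor-01"))
    genuine = gw.verify("sensor-01", tag)
    replayed = gw.verify("sensor-01", tag)       # nonce already consumed
    gw.challenge("sensor-01")
    stale = gw.verify("sensor-01", tag)          # old tag, new nonce
    forged = device_response(bytes(16), "sensor-01", gw.challenge("sensor-01"))
    wrong_key = gw.verify("sensor-01", forged)   # right nonce, wrong key
    return genuine, replayed, stale, wrong_key
```

The assurance of this scheme rests entirely on how the pre-shared key is stored on the device, since anyone who extracts it from firmware can answer every challenge.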
Hardware-based security approaches such as Hardware Root of Trust (HRoT) and Trusted Execution Environment (TEE) are fast becoming an industry-wide standard for securing desktops, tablets and mobile phones. These approaches have found an increased relevance to securing IoT devices. Hardware-based ‘root of trust’ offers on-chip security functions including key generation, integrity checks and attestation, which are executed in an isolated hardware environment and, therefore, offer effective protection against physical thefts. Trusted Platform Module (TPM), a prime example of HRoT implementation, when combined with software-based PKI delivers high trust authentication for IoT devices. Other than securing digital credentials, TPM trust measurements provide secure control over the boot sequence of IoT devices thereby validating the authenticity of each device as it loads up in the IoT network.
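As an added illustration (not code from the original article, and not a TPM API), the following sketch models the hash chain behind TPM boot measurements: each stage is hashed into a register with the extend operation, so the final value depends on every image and on their order. It assumes a SHA-256 register and constructed sample images, and it does not model the signed quote a real TPM uses to report the value.

```python
import hashlib
import hmac

# Constructed sample boot images; real values would be the firmware binaries.
GOLDEN_STAGES = [b"bootloader v1", b"kernel v1", b"application v1"]


def extend(pcr, component):
    """PCR extend: new = SHA-256(old || SHA-256(component))."""
    measurement = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(stages):
    """Measure each stage, in order, before it would be given control."""
    pcr = bytes(32)  # register is all zeros at reset
    for image in stages:
        pcr = extend(pcr, image)
    return pcr


def verify_boot(reported_pcr, golden_stages):
    """Verifier side: recompute the expected value from known-good images."""
    return hmac.compare_digest(reported_pcr, measure_boot(golden_stages))


def demo_measured_boot():
    clean = measure_boot(GOLDEN_STAGES)
    modified = measure_boot(
        [GOLDEN_STAGES[0], b"kernel v1 (modified)", GOLDEN_STAGES[2]])
    reordered = measure_boot(
        [GOLDEN_STAGES[1], GOLDEN_STAGES[0], GOLDEN_STAGES[2]])
    return (verify_boot(clean, GOLDEN_STAGES),
            verify_boot(modified, GOLDEN_STAGES),
            verify_boot(reordered, GOLDEN_STAGES))
```

Because the register can only be extended and never set directly, a later stage cannot erase the measurement of an earlier one.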
The choice of an appropriate authentication method for a given set of IoT devices is largely driven by the identity assurance requirements that vary from device to device, depending primarily on the operating environment, device lifecycle stages (as depicted in the figure above) and the impact of potential compromise through unauthorized access. IoT security designers and architects should make use of defined metrics that correlate the trust level(s) offered by available device authentication methods to the trust requirements of IoT devices. Hardware-based authentication methods such as TPM are most suited for IoT use-cases where the requirement of establishing higher levels of trust (equivalent to FIPS 140-2, level 3 to 4) in the device identity is paramount.
Strong authentication methods that provide a higher level of trust in the device identity are not a viable option for many IoT use-cases, where concerns about additional component cost and increased device size restrict the adoption of TPM or TEE methods. In these cases, a considerable loss in the strength of the authentication method, and hence in the associated level of assurance, is expected. IoT security architects should work to find the right balance and realize an appropriate trade-off in the level of trust offered by authentication methods for each category of IoT devices in operation.