It used to be so simple: IoT products and services just had to worry about correctly identifying users and managing their access to data sources. But within a few years there will be more than 22 billion IoT-connected devices (on a planet of only 7.5 billion people), and these devices will increasingly connect directly to each other and to cloud-based apps and services. That means Identity and Access Management (IAM) services will have to uniquely identify 22 billion devices, sensors, monitors, and so on, in addition to 7.5 billion potential users.
In fact, a just-released study from ABI Research estimates that the identity and management of “things” (i.e. IAM 2.0) will grow into a $21 billion (US) opportunity by 2022.
The Identity of Things (IDoT) addresses the growing need for device identification
The explosive growth of the IoT means IAM must expand its focus from identifying humans to identifying machines as well. As you develop your IoT products and IoT-based business initiatives, you will need identity management systems that can manage all the entities in your solution: humans, devices, applications, and services. “We are entering a transformational period where device, system, and user IDs are forced to merge under the hyper-connected IoT paradigms,” said an ABI Research analyst, “effectively altering the way Identity of Things [IDoT] services will be perceived from now on.”
Your devices and cloud must securely identify themselves
Rogue devices that mimic your products can consume costly cloud resources. To prevent rogue devices from authenticating to your cloud, you need to equip legitimate devices with X.509 public key certificates, which your cloud can then use to uniquely identify each device connected to it. However, X.509 certificate authentication can greatly complicate IoT device design and manufacture: you must acquire certificates from trusted certificate authorities and inject a unique X.509 certificate into each device during the manufacturing process. If you use a third party to manufacture a custom chip, you expose the certificate authority’s signed certificates and the corresponding private keys to outside parties, which is a major security risk.
What is IDoT and how does it work?
The foundational requirement of IoT security is to firmly establish the identity of your devices: basic sensors and gateways, industrial and HVAC controls, smart cars, home security cameras, and so on. That means assigning unique credentials, keys, and unique identifiers (UIDs) to every entity in your IoT implementation. Only after you have created unique identities for all these things can you manage their operational security and their access to sensitive and non-sensitive data.
IDoT enables secure communications between devices and humans, devices and other devices, devices and an application or service, and between humans and an application or service. As an IDoT best practice, device manufacturers and enterprises should consider integrating public key infrastructure (PKI) credentials for operational control and secure updates into all IoT products.
How PKI (and the Samsung ARTIK platform) can help
In fact, according to the Ponemon Institute, 42 percent of IoT devices will have PKI credentials onboard by 2019. This is not nearly sufficient.
In the pre-IoT world, IT organizations typically installed and managed PKI manually. But when you are dealing with possibly tens of thousands of unique things, a more streamlined and pre-integrated process is required. This is where Samsung ARTIK can help: ARTIK system-on-modules (SoMs) have PKI credentials injected directly into hardware during manufacturing, and additional digital certificates can be provisioned during device manufacture and even after devices have been deployed in the field.
The Samsung ARTIK IDoT approach includes device protection and trusted code execution built into a hardware Secure Element, which is injected at the factory with a unique ID protected by tamper-resistant hardware. This ID essentially functions as a birth certificate that can be used to prove the identity of an ARTIK SoM throughout its lifecycle.
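The two points above that matter most in practice are that the cloud accepts only certificates chaining to a CA it trusts, and that the device's private key is never handed to a contract manufacturer (the risk called out in the section on rogue devices). The example below is added here in Go, using only the standard library; it is not Samsung's or ARTIK's code. The device generates its own key pair and sends out only a certificate signing request (CSR) carrying its UID, the manufacturer's CA checks the CSR signature as proof of possession and issues the device certificate, and the cloud verifies the chain before trusting the UID in it. The CA name, the `dev-000123` UID format and all function names are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed example, not ARTIK code; the CA name and UID format are assumptions.
type deviceCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// newDeviceCA creates the self-signed fleet root (in production the key sits in an HSM).
func newDeviceCA(name string) (*deviceCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &deviceCA{cert: cert, key: key}, err
}

// deviceEnrollRequest runs on the device: the key pair is generated locally and only
// a CSR carrying the UID leaves it, so a contract manufacturer never handles the key.
func deviceEnrollRequest(uid string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: uid}}, key)
	return key, csr, err
}

// issueDeviceCert runs at the CA: check the CSR signature (proof that the
// requester holds the key), then sign a client-auth leaf bound to the UID.
func (ca *deviceCA) issueDeviceCert(csrDER []byte, serial int64) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      csr.Subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.cert, csr.PublicKey, ca.key)
}

// verifyDevice is the cloud-side check: the certificate must chain to the fleet CA
// and be valid for client auth; the returned UID is the identity to authorise.
func verifyDevice(caCert *x509.Certificate, leafDER []byte) (string, error) {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("device rejected: %w", err)
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	ca, _ := newDeviceCA("Example Devices Inc Device CA")
	_, csr, _ := deviceEnrollRequest("dev-000123") // constructed UID
	leaf, _ := ca.issueDeviceCert(csr, 42)
	fmt.Println(verifyDevice(ca.cert, leaf)) // dev-000123 <nil>
	// A leaf signed by any other CA does not chain to the fleet root and is rejected.
	other, _ := newDeviceCA("Unknown CA")
	leaf2, _ := other.issueDeviceCert(csr, 43)
	fmt.Println(verifyDevice(ca.cert, leaf2))
}
```

In a hardware-backed design the key generation step in `deviceEnrollRequest` runs inside the secure element at the factory (the "birth certificate" the paragraph above describes), and the same CSR flow can issue additional certificates after deployment without the private key ever leaving the module. The chain check in `verifyDevice` is what actually stops a counterfeit: a certificate carrying a copied UID but issued by any other CA fails verification, and the cloud never reaches the point of authorising that UID.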
By building hardware-backed IDoT and PKI management into the ARTIK platform, Samsung makes it easy for enterprises and device manufacturers to roll out secure IoT solutions in which you can guarantee that connected devices are who they say they are. This enhances corporate security and customer data privacy, all while reducing the need for sophisticated in-house IoT security expertise.