Run-Time Provisioning of Security Credentials for IoT Devices (.PDF Download)
To prevent counterfeit devices from joining a network, and to limit the opportunity for network attacks, it’s important to authenticate devices attempting to join Internet of Things (IoT) networks and to admit only authorized devices. The standard mechanism for securely authenticating clients that connect to a server is Transport Layer Security (TLS) client-side authentication.
To implement such authentication in an IoT network, the appropriate certificate authority (CA), usually the IoT device provider, issues each IoT device a unique X.509 certificate together with its associated private key; the pair functions as that device's unique security credential. Once the certificate and private key are stored on the IoT device, the device may present them during TLS client authentication to securely join the IoT network.
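The procedure above, carried through end to end as an added example (this is not code from the paper or from any vendor's provisioning tooling): a provider CA is created, it issues a CA-signed certificate and key to an authorized device, and a gateway configured with `tls.RequireAndVerifyClientCert` admits that device while rejecting a "counterfeit" device that presents a self-signed certificate for the same identity. The names `IoT Provider CA`, `gateway` and `device-0001` are constructed for the example, the gateway role and loopback address are assumptions, and, unlike a real deployment where the device key is generated on the device (ideally in a secure element) and never leaves it, all keys are generated in one process so the example runs offline with only Go's standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a P-256 key pair and a certificate for tmpl. With parent == nil
// the certificate is self-signed (the provider's CA root); otherwise the CA signs
// it with caKey, which is how each device receives its unique credential.
func issue(tmpl, parent *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := caKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// template builds a minimal certificate template (constructed validity window).
func template(cn string, serial int64, usage ...x509.ExtKeyUsage) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  usage,
	}
}

// credential bundles a certificate and its private key for crypto/tls.
func credential(c *x509.Certificate, k *ecdsa.PrivateKey) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{c.Raw}, PrivateKey: k, Leaf: c}
}

// tryJoin runs a one-shot gateway that requires a client certificate chaining to
// trusted, then lets a device present cred. It returns the gateway's handshake
// result: nil means the device was admitted to the network.
func tryJoin(trusted *x509.Certificate, gateway, cred tls.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{gateway},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the setting that enforces device authentication
		ClientCAs:    pool,
	})
	if err != nil {
		return err
	}
	defer ln.Close()
	result := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			result <- err
			return
		}
		defer c.Close()
		result <- c.(*tls.Conn).Handshake()
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		// Always present the device credential, so a bad one is rejected by the gateway rather than filtered client-side.
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return &cred, nil },
		RootCAs:              pool, // the device authenticates the gateway as well
		ServerName:           "gateway",
	})
	if err == nil {
		conn.Read(make([]byte, 1)) // wait for the gateway's verdict (TLS 1.3 delivers it after the client's Finished)
		conn.Close()
	}
	return <-result
}

// RunScenario provisions a CA, a gateway and an authorized device, then reports
// whether the authorized device and a self-signed counterfeit were admitted.
func RunScenario() (authorizedAdmitted, counterfeitAdmitted bool, err error) {
	caTmpl := template("IoT Provider CA", 1)
	caTmpl.IsCA, caTmpl.BasicConstraintsValid = true, true
	caTmpl.KeyUsage |= x509.KeyUsageCertSign
	ca, caKey, err := issue(caTmpl, nil, nil)
	if err != nil {
		return
	}
	gwTmpl := template("gateway", 2, x509.ExtKeyUsageServerAuth)
	gwTmpl.DNSNames = []string{"gateway"}
	gw, gwKey, err := issue(gwTmpl, ca, caKey)
	if err != nil {
		return
	}
	dev, devKey, err := issue(template("device-0001", 3, x509.ExtKeyUsageClientAuth), ca, caKey) // CA-issued credential
	if err != nil {
		return
	}
	fake, fakeKey, err := issue(template("device-0001", 4, x509.ExtKeyUsageClientAuth), nil, nil) // self-signed, not from the CA
	if err != nil {
		return
	}
	authorizedAdmitted = tryJoin(ca, credential(gw, gwKey), credential(dev, devKey)) == nil
	counterfeitAdmitted = tryJoin(ca, credential(gw, gwKey), credential(fake, fakeKey)) == nil
	return
}

func main() {
	a, c, err := RunScenario()
	fmt.Println("authorized admitted:", a, "counterfeit admitted:", c, "error:", err)
}
```

The gateway's decision rests entirely on `ClientCAs` plus `RequireAndVerifyClientCert`: possession of a certificate and key is not enough, the certificate must chain to the provider's CA, which is why the counterfeit device's self-signed certificate for the same common name is refused. Revocation (CRL or OCSP checks on the device certificate) is a separate mechanism that this example does not implement.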