One of the prominent discussion points concerning the Internet of Things (IoT) is security, and a public key infrastructure (PKI) is typically the backbone of that security. Asymmetric (public key) cryptography underpins everything from TLS network protocol stacks to blockchains to signed, secure network updates.
PKI services can run on most operating systems, including Linux and Microsoft Windows Server, but those services typically stop at issuing and managing keys and certificates. Chores such as signing code for secure network updates usually aren't integrated into the PKI server, and setting up these and other key-related workflows can be challenging. Many vendors and projects provide developers with more specialized security services, such as Mender's open-source over-the-air update client and server software for Linux device updates, but each tends to focus on a single aspect of security such as secure updates.
Green Hills INTEGRITY Security Services' Device Lifecycle Management (DLM) TRUST appliance addresses a number of these security chores at once. It comes configured with its own secured hardware and software, including secure boot and encrypted storage, protections that are often overlooked in roll-your-own systems. It provides a web-based interface to create, manage, and deploy certificates, to digitally sign them, and to sign code for secure updates. There is a drag-and-drop interface for signing items, and it supports controls such as requiring multiple signatures before an action such as deploying a signed, secure update can proceed.
DLM TRUST can generate trust assets compatible with many of the secure microprocessors and microcontrollers from vendors such as Texas Instruments, Infineon, ST Micro, NXP/Freescale, and Renesas. Its key issuance service can securely distribute individual and group keys to devices, and it supports X.509 and custom certificates for authentication with protocols such as SSL/TLS, SSH, and HTTPS.
The chain of trust does not start at the IoT client. It starts at servers like DLM TRUST that hold the keys and produce the signed content, and those servers need to be secured at least as carefully as the devices that trust them.
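To make the two points above concrete (that deployment of an update can require multiple signatures, and that a device's chain of trust begins at keys the server holds), here is an added example in Go. It is not code from this page or from DLM TRUST. It assumes a DLM-style root certificate provisioned on the device, three root-issued code-signing certificates, a 2-of-3 approval policy and a constructed firmware image, all hypothetical, and it uses Go's standard crypto/x509 and crypto/ed25519 packages rather than whatever formats the appliance actually emits.

```go
package main

// Added example (not DLM TRUST code): device-side check of a signed update under a 2-of-3 signer policy.
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// Signature is one detached Ed25519 signature over SHA-256(image) plus the signer's certificate.
type Signature struct{ Cert *x509.Certificate; Sig []byte }

// newCert issues a certificate for pub signed by parent/parentKey; with a nil parent
// it is self-signed (parentKey is then pub's own key). Demo-only: panics on error.
func newCert(name string, pub ed25519.PublicKey, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo only; use random serials for real
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning} // a leaf may only sign code
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // re-parse so Raw, SubjectKeyId etc. are populated
	return cert
}

// VerifyUpdate returns nil only if at least threshold distinct signers whose certificates chain to
// root and are valid for code signing signed this exact image. Bad entries are skipped, not fatal,
// so junk appended to the bundle cannot veto a good update.
func VerifyUpdate(root *x509.Certificate, image []byte, sigs []Signature, threshold int) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	digest := sha256.Sum256(image)
	seen := map[string]bool{} // keyed by public key, so one signer cannot count twice
	for _, s := range sigs {
		if _, err := s.Cert.Verify(opts); err != nil {
			continue // not issued by our root, expired, or not a code-signing cert
		}
		if pub, ok := s.Cert.PublicKey.(ed25519.PublicKey); ok && ed25519.Verify(pub, digest[:], s.Sig) {
			seen[string(pub)] = true
		}
	}
	if len(seen) < threshold {
		return fmt.Errorf("update rejected: %d valid signer(s), %d required", len(seen), threshold)
	}
	return nil
}

// Result records which constructed scenarios the 2-of-3 verifier accepted.
type Result struct{ TwoOfThree, OneSigner, RogueSigner, DuplicateSig, Tampered bool }

// Demo builds a root, three authorised signers and a rogue self-signed key, then runs the verifier.
func Demo() Result {
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	root := newCert("DLM root", rootPub, true, nil, rootKey)
	certs, keys := []*x509.Certificate{}, []ed25519.PrivateKey{}
	for i := 0; i < 3; i++ {
		pub, key, _ := ed25519.GenerateKey(rand.Reader)
		certs = append(certs, newCert(fmt.Sprintf("release signer %d", i), pub, false, root, rootKey))
		keys = append(keys, key)
	}
	roguePub, rogueKey, _ := ed25519.GenerateKey(rand.Reader)
	rogue := newCert("rogue", roguePub, false, nil, rogueKey) // well-formed, but not issued by our root
	sign := func(key ed25519.PrivateKey, cert *x509.Certificate, img []byte) Signature {
		d := sha256.Sum256(img)
		return Signature{cert, ed25519.Sign(key, d[:])}
	}
	image, tampered := []byte("constructed firmware image v1.2"), []byte("constructed firmware image v1.2!")
	accept := func(img []byte, sigs ...Signature) bool { return VerifyUpdate(root, img, sigs, 2) == nil }
	return Result{
		TwoOfThree:   accept(image, sign(keys[0], certs[0], image), sign(keys[1], certs[1], image)),
		OneSigner:    accept(image, sign(keys[0], certs[0], image)),
		RogueSigner:  accept(image, sign(keys[0], certs[0], image), sign(rogueKey, rogue, image)),
		DuplicateSig: accept(image, sign(keys[2], certs[2], image), sign(keys[2], certs[2], image)),
		Tampered:     accept(tampered, sign(keys[0], certs[0], image), sign(keys[1], certs[1], image)),
	}
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

A device running this verifier rejects an image signed by a key the root never issued (the rogue case, however well-formed its certificate), an image whose two signatures come from the same key, and an image modified after signing; only two distinct root-issued keys signing the identical bytes get an update installed. That is the whole point of the chain-of-trust remark above: nothing in the device decides what is trustworthy beyond the root it was provisioned with, so whoever controls the server holding the root and signer keys controls every device that trusts it.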
IoT has many attack surfaces, and IoT security needs to address all of them. Platforms like DLM TRUST are only part of the solution, but it pays to deploy them well: compromising the server that issues keys and signs updates can compromise every device that trusts it, which may be a very large collection including smartphones, tablets, and PCs.