2024-12-12
IoT ecosystems are heavily segmented across industries, with each sector, like EV charging or medical devices, having its own specific standards for how security should be implemented. What is common, however, is that most IoT standards specify PKI for device identities and PKI-based signing as part of their security posture.
Join Sven Rajala, the international PKI Man of Mystery, and Ray Lillback, Sr Director of IoT Solutions Architecture, as they give an overview of common themes in the IoT PKI space.
Watch the KEYMASTER episode here:
A central theme in most IoT use cases is creating a centralized trust chain for IoT devices. The standards aim to establish auditable trust, protect key material, and enable automated trust distribution to individual devices. Examples like the EV “Plug-and-Charge” system demonstrate how PKI can provide a global trust network similar to web browsers, ensuring seamless interaction across manufacturers and EV charging ecosystem players.
The protection of private keys is a cornerstone of IoT security. Robust solutions often include features such as Trusted Execution Environments (TEEs), Secure Elements for constrained devices, and TPMs, as well as backend systems utilizing Hardware Security Modules (HSMs) for secure key storage. When these technologies are combined with PKI and digital signing, they enable a significantly higher level of security and trust compared to relying solely on software-based key generation, key storage, and signing operations.
Interoperability is another major focus in IoT. When applicable, it is recommended that manufacturers leverage standard PKI enrollment protocols. This streamlines device onboarding and supports achieving compatibility across ecosystems. This not only simplifies operations but also ensures adherence to various IoT standards without reinventing the wheel.
Code signing is crucial for validating firmware updates and securing the IoT lifecycle. By integrating code signing with Hardware Security Modules (HSMs)—where signing keys are generated by the HSM and the signing operation is performed within the HSM—the private key never leaves the HSM. This approach enhances auditing capabilities and protects against supply chain vulnerabilities.
The session concluded with a look ahead to future discussions, including themes like bootstrapped trust for devices and further explorations into IoT security. The adoption of PKI was underscored as a foundational approach to addressing IoT’s complex security and interoperability challenges.
Stay tuned for more insights in upcoming IoT-focused episodes!