A Unique Digital Identity for IoT Objects
By: Steve Clark – Security Technologist, WISeKey
When a baby is born and beginning its life, they are given a birth certificate. This certificate is registered with a government agency and it is given a signature or seal of authenticity. The birth certificate has some basic information about this unique “bundle of joy”. It certifies gender, date & time of birth, location, etc. and identifies the certifying authority that can guarantee the validity of the identity.
The birth certificate becomes the foundational document for authenticating the unique identity of that individual throughout their lifetime. With this verifiable identity the individual can enter school, open bank accounts, receive a passport, and sign contracts. This verifiable identity is also used to grant access and permissions throughout their lifetime.
What happens when an IoT device is born and wants to begin its connected life? Is it registered with a unique identity and given a certificate? In some cases, it is. But in many cases it is not.
Certifiable identities are arguably even more essential for IoT devices, since at birth and first connection to the internet, they can interact with any other device, server, computer, or cell phone that is connected. The IoT device will also need to communicate securely, produce data that can be verified, allow itself to be controlled remotely, and potentially control the actions of other devices.
What is an IoT Birth Certificate?
The individual IoT device can have a birth certificate that is in the form of a unique digital certificate. Analogously, this digital certificate is digitally signed by a trusted Certificate Authority, or “CA” who acts as a trusted third party to ensure that the digital identity is really linked to the device. The certificate contains basic information about the device such as date & time of birth, company name, and the CA that signed it. In addition, the digital certificates contain cryptographic information to accommodate digital verification.
This digital certificate will become the foundation for all transactions that the IoT device participates in throughout its lifetime. It will be used for secure communication and allow its unique identity to be authenticated. With this authenticated digital identity the IoT device can be granted access and permissions to cloud services such as Azure, and it will be used to ensure the cryptographic integrity of all data that the device produces.
The certificate is based on a cryptographic public‑private key pair that is unique to the IoT device. The public key for this key pair is part of the certificate and can be freely distributed. The private key is used whenever the IoT device needs to verify its identity or to sign data to ensure cryptographic integrity.
It is the private key that represents the essence of the identity of the IoT device.
Authenticating the IoT Device
The process of authentication involves two steps; 1. Verification of the certificate, and 2. Verification of the device private key.
The certificate contains a cryptographic signature from a trusted CA. This CA signature can be cryptographically verified. Verifying the CA signature will ensure that the certificate was issued by a trusted authority that can guarantee the validity of the identity.
Once the certificate is verified, the IoT device needs to prove that it has possession of the private key. A verifying entity will send a random challenge to the IoT device and the device returns a signature that is signed using its private key.
Now recall that the certificate contains the public key associated with the IoT device’s private key. This public key is then used to cryptographically verify the signature of the random challenge.
When the certificate and the random challenge have both been verified, the IoT device is authenticated.
Protection Against Impersonation
Since the private key represents the essence of the identity of the device, this private key must be protected. If it is compromised, then valid cryptographic signatures can be impersonated by the attacker and therefore cannot be trusted.
There are several weaknesses in how some IoT devices store and use private keys. Many IoT devices store their private key in onboard memory that is unprotected. Furthermore, they expose this key during the calculation of the signature. Hackers are very creative in their attacks to compromise private keys.
A better solution is to store the private key in a Secure Element. These Secure Elements are specialized chips that are shielded, tamperproof, and have hardware protection mechanisms that are designed to protect the private key. Secure elements also have the ability to calculate signatures using the private key so that the private key is never exposed outside of the chip. These chips can be certified by 3rd parties (e.g. FIPS and Common Criteria) so that there is a confidence that the private key is not exposed.
When a secure element is used on an IoT device it can be trusted since the private key will be protected and the device cannot be impersonated.
Ensuring Trust in the Digital World
The IoT devices of today are increasingly being used for Artificial Intelligence, and in Blockchains. For these applications, the authenticity of the IoT device and the integrity of the data are particularly important.
The decisions of an Artificial Intelligence are dependent on the authenticity of the device and the trustworthiness and integrity of the data. If the data cannot be trusted, then you cannot trust the decisions of the Artificial Intelligence. It is analogous to any person making decisions based on incorrect information.
Since Blockchain ensures the immutability of transactions and data, it is especially important that the authenticity and integrity of the data can be trusted. The blocks constitute a permanent record. When the transactions that make up the block are corrupted by impersonated devices providing data that is not authentic, then the entire Blockchain is corrupted.
Therefore, for both Artificial Intelligence and Blockchain applications, a Secure Element chip should be used to ensure trust and data integrity.
I think the case can be made to give all IoT devices a “Birth Certificate” when they are manufactured. This establishes the unique digital identity of the device and allows it to become a “Good Citizen” of the Internet. As a good citizen the IoT device can then prove its identity and provide verifiable data.
The essence of the IoT identity (its private key) should be protected using hardware specifically designed to keep the private key safe. This secure hardware is usually in the form of a Secure Element chip. This will prevent impersonation of the IoT device and allow trust for all of its online activity.