Telecoms, Datacoms, Wireless, IoT


Device identification’s critical role in IoT protection

22 November 2023 Telecoms, Datacoms, Wireless, IoT

A unique identity for IoT devices is a fundamental building block to ensure the secure and efficient operation of the IoT ecosystem. Each IoT device must have a unique identifier assigned during manufacturing or provisioning. This serves as the anchor for device identification, authentication, and communication.

Having a unique identity distinguishes each IoT device from others in the network, permitting precise identification and tracking. On the one hand, this enables efficient management, maintenance, and troubleshooting. The unique identity allows devices to be easily located, monitored, and updated, reducing operational complexities, and enhancing overall system reliability.

Device identity is also the basis for authentication and access control. Ensuring uniqueness is crucial to prevent unauthorised devices from masquerading as legitimate ones. Assigning a unique identity makes it possible to establish trust and ensure that only authorised devices can connect to the network. The unique identity also makes it possible to assign privileges for specific authenticated devices, to access resources or perform certain actions appropriate to their role, based on predefined policies. In this way, device identity provides protection against unauthorised access, data breaches, and potential malicious activities.

Assigning identity

Various strategies can be used to assign device identities, although critical requirements include consideration for scalability, interoperability, and robust security features. Scalability is increasingly important as the number of IoT devices grows exponentially. A suitable device identification scheme needs to be able to handle large numbers of devices, without sacrificing performance or security. Efficient management capabilities are also needed, such as device registration, provisioning, and revocation, to ensure easy administration of the device ecosystem.

One common approach to device identification is to assign Universally Unique Identifiers (UUIDs), also known as globally unique identifiers (GUIDs), during the manufacturing process, to be embedded in hardware or firmware. A common form of UUID is defined in ITU-T X.667 and ISO/IEC 9834-8. It comprises a 128-bit (16 octets) string expressed as hexadecimal digits with a hyphen separating the different fields. The coding includes a timestamp and the MAC address of the generating computer. An example may be: f81d4fae-7dec-11d0-a765-00a0c91e6bf6. Because there is no centralised authority for generating UUIDs, it is possible that two devices may share the same UUID, although the probability is extremely small.

The device identity will be the basis for the authentication and authorisation of the device, so this identity must have some properties. It must be immutable, non-falsifiable, and must also not be cloneable. For implementing these properties, some cryptographic techniques can be used employing asymmetric key pairs. The unique private keys are assigned during production, and securely stored on the device, while corresponding public keys are used for authentication and secure communication with other entities in the IoT ecosystem. One example is X.509 certificates.

X.509 is a standard format for public key certificates. Now adapted for Internet use, the certificates bind cryptographic key pairs to an entity’s identity. This facilitates strong authentication by verifying the identity of the certificate holder. The associated encryption and integrity mechanisms enable secure communication, ensuring authenticity, integrity, confidentiality, and protection against tampering or eavesdropping. Certificate authorities (CAs) hold the private encryption keys needed to issue and sign certificates and thus establish a chain of trust.

Managing identification and identities

There is no single organisation appointed to administer IoT device identities. Identity providers can vary, depending on the specific deployment and requirements of the IoT ecosystem. In practice, there is a multitude of providers that offer services for managing IoT device identities and authentication.

Different organisations or platforms may provide their own identity solutions tailored for IoT, and they can act as identity providers for their respective IoT devices. They may offer additional, related services like device registration, authentication, access control, and other identity management functionalities.

Popular identity providers include well-known cloud computing and IoT service providers. IoT solutions deployed on their platforms may use their services to handle device identity management. On the other hand, well-known certificate authorities (CAs) such as DigiCert, GlobalSign, and Keyfactor offer IoT identity and security solutions. These include the management of X.509 certificates.

In addition, manufacturers of ICs such as microcontrollers offer solutions that allow them to act as IoT device certificate authorities. The devices integrate hardware-based security features, such as secure storage, cryptographic algorithms, and key management capabilities that allow the manufacturer to act as a CA, and so issue and manage X.509 certificates for IoT devices directly on the microcontroller. Using such solutions can simplify the integration of secure identities into IoT devices and enhance the overall security of IoT ecosystems.

Alternatively, device identity can be assigned during provisioning, as the device is configured for attachment to the network. The identity can be securely generated within a secure element or trusted platform module (TPM), which may be included as part of the IoT device’s circuitry. The associated cryptographic keys are then securely provisioned.

Otherwise, a unique identifier can be generated from a combination of factors such as a device-specific hardware attribute, random number, or cryptographic hash. The generated identifier is stored securely in the device’s memory or associated with the device record in an identity management system.

Another approach is for the device to obtain its identity dynamically during the provisioning process. In this case, the device may communicate with an identity provider or backend system during initial setup or registration and receive a unique identifier assigned by the provisioning system.

Conclusion

Assigning a unique identity to IoT devices is essential to enable the deployment to function properly and to ensure security by excluding unauthorised or unknown devices. Given the nature of typical IoT applications, which is to capture vast quantities of data from large numbers of connected devices, scalability is a critical requirement of any identification scheme. In addition, consideration for device registration, provisioning, and revocation is required.

The identity of a device can be assigned at manufacture or during provisioning, as the device is configured and set up within the system. A number of approaches are available, including assigning UUIDs and using cryptographic techniques like X.509 certificates, which may be administered by the device manufacturer, IoT platform host, or various other trusted entities.

With the help of the product modification capabilities in its programming centres, Avnet Silica offers a range of services that include identity injection, or identity collection, depending on the products and use cases, and can ship identifiable parts to the contracts manufacturers and send the list of identities (a.k.a. whitelists) to customers.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Companies collaborate on EnviroMeter
Avnet Silica Test & Measurement
STMicroelectronics and Mobile Physics have joined forces to create EnviroMeter for accurate air-quality monitoring on smartphones. Time-of-flight optical sensing enables an accurate personal air quality monitor and smoke detector.

Read more...
AIROC Bluetooth LE MCU
RS South Africa Telecoms, Datacoms, Wireless, IoT
Infineon has launched its new AIROC CYW20829 Bluetooth LE MCU, a full-featured Bluetooth LE v5.4 device with best-in-class RF performance, security, and energy efficiency.

Read more...
Ultra-low noise phase locked frequency translators
RFiber Solutions Telecoms, Datacoms, Wireless, IoT
These ICs are the perfect solution to translate a low-frequency master reference clock or reference oscillator to a higher frequency to improve phase noise, reduce power consumption, and simplify circuit complexity.

Read more...
What 2024 holds in store for Wi-Fi in South Africa
Telecoms, Datacoms, Wireless, IoT
Wi-Fi is poised for significant advances in 2024, to the point where fixed wireless services in unlicensed spectrum will start taking over from the currently dominant cellular and fibre services in South Africa.

Read more...
Easy wireless mesh networking
CST Electronics Telecoms, Datacoms, Wireless, IoT
NeoCortec has announced three new NeoMesh Click boards that are ideal for wireless mesh networking, eliminating the need for engineers to create any development PCB hardware themselves.

Read more...
Compact RF-link module
Telecoms, Datacoms, Wireless, IoT
The SCALAE CONTROL is an RF-link module that can be configured to operate as both a transmission and reception module.

Read more...
Revolutionising spectrum sensing with AI
Tamashi Technology Investments Telecoms, Datacoms, Wireless, IoT
Anritsu Corporation has now enabled advanced AI capabilities for solving difficult problems in wireless communications systems using DeepSig’s proven AI machine learning technology.

Read more...
LoRa transceiver module
CST Electronics Telecoms, Datacoms, Wireless, IoT
The RYLR896 transceiver module from REYAX features the LoRa long range modem that provides ultra-long range spread spectrum communication.

Read more...
LTE-M modules with integrated GNSS
RF Design Telecoms, Datacoms, Wireless, IoT
u-blox introduces new LTE-M modules with integrated GNSS to boost industrial connectivity. The SARA-R52 and LEXI-R52 series optimise cost and performance, while eliminating the need for extra components.

Read more...
Quectel increases its IoT antenna range
Quectel Wireless Solutions Telecoms, Datacoms, Wireless, IoT
Quectel has expanded its IoT antenna portfolio with six new 4G and 5G antennas that cover a wide range of use cases.

Read more...