Security and Connectivity for the IoT Edge

+1 978-264-6600

Menu

IoT Edge Device Security

IoT Provisioning

IoT provisioning is the installation of software, or more commonly firmware, on an IoT device. Devices have lifecycles that span two to twenty years, so secure, remote provisioning is critical to keep them updated rather than replacing them.

It must be securely handled through all stages of IoT lifecycle management to prevent loss of control, loss of data or damage from external threats.

Provisioning starts in the Beginning of Life phase when the software is initially installed and continues during Middle of Life as new versions override existing ones to add features or rectify problems. End of Life requires a special type of provisioning that wipes out data and access to intellectual property to maintain privacy and safeguard against IP theft.
 

Models Used for Secure IoT Provisioning 

There is no single provisioning model that works across the multitude of IoT devices and applications that exist since they have different hardware, software, features and capabilities. However, there are a few models that are commonly used.

OTP One Time Programmable
The one-time programmable method stores software in a fixed part of a device and cannot be changed or updated. If the software needs to be updated the IoT device is replaced with a new one. This method is acceptable if the software will not change during the product’s lifecycle.

Blob Model
The Blob model also uses an area within the device to store software/firmware, but unlike OTP, the software can be updated. This occurs “in one shot” that replaces the old software with the new – it is all or nothing. The updating can be done in stages, with the new version stored in a staging area on the device until it replaces the previous version. Blob is a brute force, less sophisticated method for provisioning software.

Asset Approach 

This method is granular and scalable, but it is complex. With the Asset Approach, there are multiple areas on the device, referred to as assets, that maintain programs that perform specific functions. Each asset may have a unique version number and program size. This approach offers maximum flexibility because device functions can be altered or controlled independently. However, this method can be complicated because software across all assets must be compatible with the device to operate properly.

Enterprise IoT infrastructure providers such as AWS, Microsoft, and Google recognize there isn’t a one size fits all approach, so each supports different models to facilitate secure IoT provisioning.
 

Provisioning is Part of a Secure IoT Infrastructure

Provisioning is a meta-application that draws on key security capabilities that in combination create embedded trust within an IoT ecosystem.

Root of Trust
Extremely important for provisioning because it is the DNA of a device.

Secure Boot
Ensures the device boots up with the proper provisioned software and has not been compromised.

Secure Parameter Storage
Basic and operational configuration parameters are stored securely on the device once it is provisioned.

Validated Cryptography: 
Provisioning builds on the validated cryptography.

Secure Data in Motion
Ensuring that data in motion during provisioning is transferred across a secure network and that the source can be validated.

Secure Data at Rest 
The provisioned software is protected and securely stored.

Let’s Talk IoT Security

Implementing IoT device security can be a challenge. Let us help you by sharing our proven framework for integrating a proactive security approach into your design. Click the button below to schedule a one-on-one web conference to discuss your security needs.