The recently released 2019 Global PKI and IoT Trends Study reinforces the use of PKI for generating secure roots of trust in IoT applications. Unfortunately, the study states that “only 42% of IoT devices in use will rely primarily on digital certificates for identification and authentication.” The rapid adoption of IoT technology in all walks of life and this statistic forecast a potentially dangerous future. We have already seen how IoT applications such as cameras can be utilized for mass DDOS attacks. Altering the intended function of an IoT device is the most significant threat to any IoT ecosystem. Protecting IoT data privacy, authenticity and validity remain the highest security concerns. All value derived from any IoT applications comes from the data generated and how the larger ecosystem acts upon it.
FIPS validated HSMs in conjunction with detailed processes and procedures are utilized to generate initial roots of trust for IoT devices typically during manufacture. FIPS validation ensures the cryptographic correctness – modules have been subjected to independent rigorous validation testing – significantly reducing the risk that complex encryption algorithms are properly implemented.
While not required in many industries, it is highly recommended to utilize FIPS validated cryptography modules on IoT deployed devices and their cloud counterparts. This further reduces the risk that any cryptography utilized to ensure privacy, authenticity, and validity of IoT data in the larger ecosystem has been properly implemented.
Securing IoT data starts with an immutable Root of Trust and allows IoT devices and their larger ecosystems to build chains of trust that support the privacy, authenticity, and validity of all data. PKI’s are a critical component of making IoT ecosystems deliver value to their owners.