Monday, March 26, 2018

IoT: IDoT: Identity of Things, Samsung ARTIK

Top Three IoT Security Trends to Watch in 2018 | Samsung ARTIK IoT Platform
"Traditional identity and access management (IAM) systems were developed to identify humans, not machines. To cope with the new connected IoT world, IAM leaders must extend identity management to encompass all entities—humans, devices, applications, and services—in IoT ecosystems. This extension of IAM is known as the Identity of Things (IDoT), and it works by assigning unique credentials, keys and identifiers (UID) to all entities in an IoT implementation. Unique identities enable secure communications between a device and a human, a device and another device, a device and an application or service, and between a human and an application or service. Additionally, device manufacturers and enterprises may want to inject credentials—PKI is generally the best choice—for operational control and secure updates."

This is explained further in an interesting interview with a Samsung representative in this episode:
Episode 156: Lennar’s smart home and why it dumped Apple HomeKit – IoT Podcast – Internet of Things

Smart Home - SmartThings | Samsung US

James Clark (founder of SGI and Netscape) makes the same claim: embedded PKI for device authentication is the best approach, avoiding passwords entirely (and avoiding WiFi, which is more secure).

DraganSr: IoT startup by founder of Netscape: CommandScape | Home
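To make the IDoT idea from the Samsung quote and Clark's "PKI instead of passwords" claim concrete, here is an added example in Go (not code from Samsung, CommandScape, or this blog). A manufacturer CA issues each device a certificate at provisioning time that binds the device's unique identifier (UID) to a key pair; a verifier later authenticates the device by a signed challenge, so no password is ever stored, shared, or transmitted. "Acme" and "ACME-SENSOR-000123" are constructed sample values, and the in-memory private key stands in for one that a real device would keep inside a TPM or secure element.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Manufacturer owns the device CA that signs device certificates at production time.
type Manufacturer struct {
	caKey  *ecdsa.PrivateKey
	CACert *x509.Certificate
}

// Device holds one unit's identity. A real device would generate priv inside a
// TPM or secure element and never export it; an in-memory key simulates that here.
type Device struct {
	Cert *x509.Certificate
	priv *ecdsa.PrivateKey
}

// issue signs a certificate template with the signer's key and returns it parsed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// NewManufacturer creates the self-signed device CA that every verifier trusts.
func NewManufacturer(name string) (*Manufacturer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name + " Device CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(20, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	return &Manufacturer{caKey: key, CACert: cert}, nil
}

// Provision generates the device key pair and binds the UID (subject CN) to its public key.
func (m *Manufacturer) Provision(uid string) (*Device, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: uid},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(10, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	cert, err := issue(tmpl, m.CACert, &key.PublicKey, m.caKey)
	if err != nil { return nil, err }
	return &Device{Cert: cert, priv: key}, nil
}

// SignChallenge answers a verifier's fresh nonce; no password or shared secret crosses the wire.
func (d *Device) SignChallenge(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}

// VerifyDevice checks the chain to the trusted CA and the signature over the nonce, returning the UID.
func VerifyDevice(root, cert *x509.Certificate, nonce, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("challenge signature invalid")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	m, _ := NewManufacturer("Acme") // "Acme" and the UID below are constructed sample values
	dev, _ := m.Provision("ACME-SENSOR-000123")
	nonce := make([]byte, 32) // the verifier draws a fresh random nonce per attempt
	rand.Read(nonce)
	sig, _ := dev.SignChallenge(nonce)
	fmt.Println(VerifyDevice(m.CACert, dev.Cert, nonce, sig))
}
```

The verifier holds only the manufacturer CA certificate, never any per-device secret, so a compromised backend leaks nothing that lets an attacker impersonate a device; a device certificate issued by any other CA, or a signature replayed against a different nonce, is rejected.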

Using hardware-held keys for PKI is not a new concept; most current PCs, and Windows, support it through the TPM,
but so far it has not typically been embedded in small peripheral devices.

Trusted Platform Module Technology Overview (Windows 10) | Microsoft Docs

What is Trusted Platform Module (TPM)? - Definition from WhatIs.com

Trusted Platform Module - Wikipedia

"Computer programs can use a TPM to authenticate hardware devices, since each TPM chip has a unique and secret RSA key burned in as it is produced. Pushing the security down to the hardware level provides more protection than a software-only solution." ...
"The endorsement key is a 2048-bit RSA public and private key pair that is created randomly on the chip at manufacture time and cannot be changed. The private key never leaves the chip, while the public key is used for attestation and for encryption of sensitive data sent to the chip."
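As an added illustration of the endorsement-key model in the quote above (example code, not from the TPM specification or any of the linked pages): the simulated chip generates an RSA-2048 key pair internally and exposes only the public half; a manufacturer encrypts a provisioning credential to that public key, so only the one chip holding the matching private key can recover it. The `Chip` type, the hybrid RSA-OAEP plus AES-GCM wrapping, and the sample credential are assumptions made for this example; a real TPM 2.0 delivers secrets to the EK holder through TPM2_MakeCredential/TPM2_ActivateCredential rather than raw OAEP decryption with the EK.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Chip simulates the part of a TPM that matters here: the endorsement key is
// generated inside and only its public half is ever handed out. The private key
// is an unexported field with no accessor (a simulation, not a real TPM).
type Chip struct {
	ek *rsa.PrivateKey
}

// NewChip stands in for key generation at manufacture time.
func NewChip() (*Chip, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	return &Chip{ek: k}, nil
}

// EKPublic is the only thing the outside world learns about the key pair.
func (c *Chip) EKPublic() *rsa.PublicKey { return &c.ek.PublicKey }

// SealedBlob carries a credential encrypted for exactly one chip.
type SealedBlob struct {
	WrappedKey []byte // fresh AES-256 key, RSA-OAEP encrypted to the EK public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // credential under AES-256-GCM
}

var label = []byte("idot-credential-v1") // OAEP label and GCM associated data (constructed)

// Seal encrypts a credential so that only the chip holding the EK private key
// can recover it; the hybrid scheme lets the credential exceed one RSA block.
func Seal(ekPub *rsa.PublicKey, credential []byte) (*SealedBlob, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil { return nil, err }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, key, label)
	if err != nil { return nil, err }
	return &SealedBlob{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, credential, label)}, nil
}

// Unseal runs inside the chip: it unwraps the AES key with the EK private key and
// authenticates and decrypts the credential. Any other chip fails at the unwrap step.
func (c *Chip) Unseal(b *SealedBlob) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.ek, b.WrappedKey, label)
	if err != nil { return nil, errors.New("wrapped key is not for this chip") }
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	return gcm.Open(nil, b.Nonce, b.Ciphertext, label)
}

func main() {
	chip, _ := NewChip()
	blob, _ := Seal(chip.EKPublic(), []byte("constructed sample credential"))
	cred, err := chip.Unseal(blob)
	fmt.Println(string(cred), err)
}
```

The encapsulation is the point: nothing outside `Chip` can read `ek`, so a credential sealed to one chip's public key is useless to a second chip or to anyone who copies the blob, and GCM rejects a blob that was modified in transit.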
TPMs could become common in many more devices if dedicated, affordable hardware modules are built for them, like this one:

Energy-efficient encryption for the internet of things | MIT News
"MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster."
