Cybersecurity poses a serious risk in the emerging field of Operation Technology (OT) to IoT devices deployed ubiquitously across the industrial, automotive and home automation sectors of industry. Tamper resistant devices across the supply chain require certificate based enrollment. Update services require high assurance cryptographic signatures for secure delivery of updates over the air or over the network to remote devices. Zero Touch Provisioning (e.g., the ability to configure a device without user interaction, typically during device installation) is required for device registration and device management services. Current approaches for device registration include manual provisioning using web portals using a user generated digital hash (digest) of an endorsement key or a certificate (X.509), or use of a service provider proprietary JSON Web Token (JWT) based on assigned device identifiers. Automation is achieved using scripts for batch processing for scalability of the operation. An alternate emerging approach is the use of private/permissioned Blockchain technology to enroll participants based on decentralized authentication and use of public key infrastructure (PKI) for cryptographic signatures. Alternate methods based on the use of Blockchain provide strong protections against data tampering, decentralized control for scalability, and public key cryptography and digital signatures to protect ownership of digital assets and transactions.
Limitations of such methods include inadequate proof possession of non-real-life identity, insecure identity proofing methods, proprietary methods for certificate management that are not protocol based, vendor lock-in, and only address the device enrollment use case, after which applications must deal with secure keys/storage and certificate management, that makes applications vulnerable. Other approaches provide signature-based secure change of ownership through the supply chain using group membership based key pairs. However, this requires a centralized broker in the workflow outside the information technology (IT) and OT domain of operation. Blockchain-based approaches lack non-repudiable device identity in communications; device enrollment lacks authoritative proof of identity, and lacks scalability at high volume of concurrent transactions.
Blockchain technology provides a method of decentralized control for scalability, data signing and signature verification, based on public key cryptography and digital signatures to protect ownership of digital assets and transactions. However, there may be no non-repudiable device identity in communications, the IoT device registration may be performed without authoritative proof of identity, and IoT devices may lack the required computational power to encrypt and decrypt data. Blockchain applications submit transaction requests to the network. A peer on the network processes the transaction request using a smart contract (codechain), updates a ledger, and emits a block of transactions for integration between systems.
Current approaches use various methods for device discovery, identification and registration. These methods either require user intervention on headless devices (i.e., devices that operate without an interactive user) or require administrative actions to pre-register a device prior to authoritative discovery and identification for registration. Some such methods include (a) discovery based on a network (IP) address and personalities (e.g., well known service ports, application protocol specific query inspection, etc.); (b) device pre-registration to apply enrollment rules by device type; (c) discovery of headless device using shared secrets; (d) enrollment policies by type of device; (e) trusted association between the appliance and a certificate authority wherein the issued certificate is associated with a communications address of the device; (f) use of a preexisting cryptographic key pair; (g) trust relationship between inside and outside endpoints and an intermediate assisting gateway device, wherein a device password or pre-registration of the device in a configuration database is required; (h) identifying by a service a network device using a unique identifier of the device; (i) identifying a first device connected to the network using a second user device, further wherein the first device acquires its IP over DHCP; (j) use of a HSM by an asset management system to create a secure endpoint between controller and appliances; and (k) use of a network connected assisting device to connect to another device by device identifier, which requires a preexisting certificate or token for another device.
Technologies that are based on the need for privacy protection and anonymity, such as for example the Intel® Enhanced Privacy ID (EPID) scheme, use a group public key and member unique private key for a member to prove to a verifier that it is a trusted member of a group without disclosing the identity of the member. However, such methods are limited to verification of message integrity in data exchanges and require a centralized issuer to create groups and manage memberships. While the EPID signature facilitates in an attestation based transfer of ownership from a silicon vendor to an IoT service provider, device lifecycle management requires administration, operation and maintenance based on device certificates and PKI for data confidentiality.
Other approaches based on blockchain provide for signing keys to protect data-at-rest, data signing, and signature verification between a client and server using a centralized broker and Representational State Transfer (REST) APIs to sign and verify data hashes. Such use of keyless signatures without relying on PKI or certificates is limited to message signing for data integrity. The signature scheme on the server requires periodic (monthly) renewal.
Alternate approaches based on use of a unique digital fingerprint of the device based on immutable hardware configuration, and algorithm processing that requires at least one user configurable parameter for filler code, is not a viable solution for headless devices or scalability across millions of distributed IoT devices. Using a private key based on the digital fingerprint of the device, and including the digital fingerprint of the device in the issued public certificate for the device, defeats privacy and anonymity protections, and exposes the device to reverse engineering and hacker attacks.