Last updated: September 2022
The Internet of Things (IoT) is transforming the world we live in. Experts estimate there will be 75 billion connected devices online by 2025. But as the IoT grows, so does the need to secure the devices connected to it. Smart companies are using Public Key Infrastructure (PKI) for their large-scale identity and data protection needs. PKI is the foundation for securing IoT devices and the most common solution for doing so. As an accepted and well-established standard, PKI is a core component of data confidentiality, information integrity, authentication, and data access control, and it is the foundation required to secure communication between IoT devices and platforms.
The rapid growth of the IoT is exciting because nearly all systems, devices and objects are being connected to the internet to automate, provide convenience, and collect and share data. However, this growth leaves many companies struggling to find large-scale, reliable security that protects their IP and investments and earns consumer trust in their IoT products. PKI is the strongest and best solution to this challenge of securing the IoT.
Simply put, PKI is a proven technology that enables large-scale authorization and reliable encryption for ultimate trust. Yet companies and customers still assume that PKI is too complex or too difficult, and instead try to invent something of their own to protect their IoT infrastructure. The scalable and flexible attributes of a PKI solution make it the right choice for securing connected devices. PKI ensures the integrity of data through the following:
As companies begin to think about securing their IoT ecosystems with PKI, there are a few primary considerations, such as CA functions, provisioning, and deployment, for building a PKI infrastructure that matches their specific use case.
Security advantages in certificate-based methods
PKI, through digital certificates, is already used on a wide range of devices: electric vehicles, medical devices, smart cities and, most recently, smart home devices from different manufacturers connected securely with Matter. Experts recommend certificate-based methods for securing IoT devices because certificates support proper security measures such as multi-factor authentication. More specifically, TLS/SSL supports two-way certificate-based authentication (e.g., device-to-server or device-to-device authentication), in which each side of the connection proves its identity with its own certificate.
Those familiar with the IoT space will recognize the messaging protocols MQTT, CoAP, XMPP, DDS and HTTP/REST. Some organizations, like Amazon (whose IoT service uses the MQTT and REST protocols), may require TLS certificates as an added layer of protection. For MQTT specifically, an added TLS layer is critical: MQTT's own machine-to-machine authentication is a username and password that travel in the clear unless the connection is wrapped in TLS. Overall, whether through native protocol support or a wrap-around approach, certificate-based methods are recommended for security in the IoT. They avoid the weaknesses of a typical symmetric-key management approach by offering greater scalability and methodical management of the certificates and the key pairs associated with them.
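The two-way certificate-based authentication described above, worked through in Go as an added example (not DigiCert's code or any product API): a simulated MQTT-style broker on loopback admits only devices whose certificates chain to a device CA and rejects an identically named device certificate from a different issuer. The CA, broker and device names, the 24-hour validity and the loopback listener are constructed for the demo.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)
// issue mints a P-256 key and a certificate signed by parent (nil: a self-signed CA); CNs and the 24h validity are constructed demo values.
func issue(cn string, parent *tls.Certificate) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	if parent == nil { // root of the device trust chain: self-signed and allowed to sign others
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	} else {
		tmpl.DNSNames = []string{cn} // SAN that the device matches against the broker's hostname
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}
// mutualHandshake runs a loopback TLS "broker" that admits only client certificates chaining to ca (the two-way authentication described above) and reports which device it authenticated.
func mutualHandshake(ca, broker, dev tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{broker}, ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: broker.Leaf.Subject.CommonName, Certificates: []tls.Certificate{dev}}
	ln, _ := net.Listen("tcp", "127.0.0.1:0")
	defer ln.Close()
	go func() { // device side: connect, finish the handshake, then wait for the broker's verdict
		if c, err := tls.Dial("tcp", ln.Addr().String(), cliCfg); err == nil {
			c.Read(make([]byte, 1)) // returns once the broker closes (accepted) or alerts (rejected)
			c.Close()
		}
	}()
	raw, _ := ln.Accept()
	srv := tls.Server(raw, srvCfg)
	defer srv.Close()
	if err := srv.Handshake(); err != nil {
		return "", err // no certificate, a foreign issuer or an expired certificate all land here
	}
	return srv.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}
```

With TLS 1.3 the broker's verdict reaches the device only after the device's own handshake call has returned, which is why the device side waits on a read; a real device must be prepared to see the rejection there rather than at connect time.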
Digital certificates within a PKI are flexible and fit many use cases. Generally, certificates pass through a lifecycle of discovery, analysis, procurement, provisioning, management, monitoring and remediation. But because devices and certificate use cases in the IoT are so diverse, certificate management lifecycles in the IoT may differ greatly from traditional ones.
To tailor PKI to their specific use cases, many companies choose to work with commercial certificate authorities (CAs), like DigiCert, which can lend expertise and provide platforms, like DigiCert® IoT Trust Manager, to manage certificate lifecycles. Provisioning, revocation and proper configuration of certificates require smart automation and maintenance, tasks that a PKI-as-a-service offering can handle for you.
DigiCert IoT Trust Manager provides a comprehensive, automated workflow for companies to manage their IoT devices with certificate-based security, both during manufacturing and at the edge. It offers the scalability, flexibility, control and efficiency required for a network of connected devices. Administrators can monitor the entire certificate lifecycle, facilitate secure updates, customize the device metadata carried within certificates and remain compliant. Rather than building and maintaining a self-managed PKI, IoT Trust Manager automates PKI deployment, making it easy to manage a large network of devices. Admins can customize permissions and access control to segment administration for different user groups. Because DigiCert IoT Trust Manager is part of DigiCert ONE™, it can be deployed on-premises, in-country or in the cloud to meet stringent requirements, custom integrations and air-gap needs.
It is critical that organizations take responsibility for their own systems and understand where their keys and certificates are deployed.
Here are six best practices for key and certificate management:
Overall, takeaways for using PKI in the IoT are:
IoT providers and manufacturers must take steps today to protect IoT investments. Learn more at https://www.digicert.com/iot/iot-trust-manager.
To discover how PKI unlocks a connected world of possibilities, read our PKI eBook.