“EVERYTHING CAN TALK TO EVERYTHING” IS AN ENEMY OF SECURITY
The world of the Internet of Things (IoT) offers wonderful opportunities. The concept of “everything can talk to everything” opens up many productive opportunities. However, the concept of “everything can talk to everything” is also an enemy of security.
Any IoT device should definitely not be able to talk to any other endpoint without:
- A pre-existing, mutually authenticated, persistent relationship established with that paired endpoint
- Coordination, approval and certification through a trusted third party authority
- Rules of use and a digital agreement established between the paired endpoints
Establishing these critical steps is a missing piece to the security of the IoT. TrustCentral’s® patented technology accomplishes this by being:
- Built on a foundation of Public Key Infrastructure (PKI)
- Leveraging well-designed Foundational Security provided by others (e.g., device root of trust; certificate-based authentication; secure boot; signed firmware updates; anomaly detection; etc.)
- Establishing Secure Communication Lines between paired endpoints
- PKI-Enforced Whitelisting (for all IoT device connections) devices talk only to pre-paired endpoints and no others
- A fundamental improvement to the application of TLS (SSH, etc.) between endpoints by moving from the traditional principle of “Trust on First Use” (TOFU) to an alternate paradigm using embedded, long-lived pre-pairing (i.e., Secure Communication Lines) resulting in TrustCentral’s new principal of “Trusted Before First Use”
- Plus: secure IoT device groups; encryption; digital signing; audit trails; trust and reputation scoring; and much more
A SOLUTION THAT WILL SCALE AND SUPPORT IOT DEVICES TO KEEP THEMSELVES SECURE
Critically important for the IoT is that TrustCentral’s solution (by being built on PKI) will scale. It is a missing piece required for an enterprise or government to deploy secure IoT devices that can follow cryptographically precise rules in order to provide IoT devices with the tools they need to keep themselves secure.
TrustCentral’s Security Ecosystem has been designed by the highly-respected Dr. David W. Kravitz. Among Dr. Kravitz’s many impressive accomplishments is the invention of the Digital Signature Algorithm – DSA. TrustCentral’s first nine patents have been issued (with multiple patents-pending).