THE CHALLENGE OF AUTHORIZING AND MANAGING IOT DEVICE PRIVILEGES, RIGHTS, RULES, AND ACTIVITIES AT THE DEVICE LEVEL
“2-Dimensional IoT” solutions (cloud-to-device) are excellent and sufficient for many, many IoT use cases. There is a sub-set of IoT use cases that are best served with the addition of an authorized “3-Dimensional” (device-to-device) approach to support activities of that sub-set of IoT devices which collaborate in hostile environments. The genesis of 3-Dimensional IoT (and hence, TrustCentral’s proprietary IoT authorization technology) comes from Dr. David Kravitz’s concept: “let’s use PKI in a different way so endpoints can authenticate and securely communicate with each other”.
Authorized 3-D IoT is built on secure, persistent communication lines between paired IoT devices. A communication line exists only after it has been authorized through the issuance of an attribute certificate to that communication line.
Examples of needs for which a 3-Dimensional approach is preferred are when:
- IoT devices must securely interact only with authenticated and specified devices and other endpoints
- IoT devices must operate semi-autonomously in hostile environments
- IoT devices must follow rules and policies in their activities
- IoT devices must help keep themselves and their data secure
- IoT devices must demonstrate trustworthiness and maintain a measurable reputation for themselves and their data
2-Dimensional IoT security solutions (with their focus on authentication but not also on authorization) are vital but, alone, are insufficient for such needs.
TrustCentral authorization technology extends IoT support into a 3rd Dimension.
This technology is complementary to, and may be used in conjunction with, offerings such as Azure IoT Hub and AWS Greengrass.
See Use Cases for examples of 3-Dimensional IoT security and management technology.
TrustCentral’s 3-Dimensional IoT approach focuses on the relationships and interactions between devices. It also focuses on the security, trustworthiness and reputation of not only IoT devices, but IoT device data as well. It supports device-level authorization, privileges and rules of operation. Rules may not only be delivered to devices through the use of certificates, but complex rules may also be delivered in the form of signed digital files that may be read or processed by a device.
Through the application of TrustCentral’s proprietary building blocks, this technology can address challenging use cases such as: in the oil & gas industry, flexibly securing legacy infrastructure or securely delivering AI/ML instructions to devices in the field; securing insecure legacy devices; and providing authenticated, secure inter-device communications within hostile environments (e.g., a smart home, the electrical grid, etc.).
By also incorporating trust and reputation scoring of devices and of their data (and integrating that information with a blockchain), together with authorization, privileges, rules and groups, this technology can help with complex challenges such as smart cities and autonomous vehicles.
TRUST STACK BUILDING BLOCKS: AUTHORIZATION INNOVATIONS
The Attribute Authority (AA) is fundamentally the conductor of most of TrustCentral’s magic. It performs many unique functions, including: acting as a Trusted Third Party mediating service provider for users/devices; running the Inviter-Invitee Protocol to authenticate communication lines between paired endpoints; establishing and authenticating unique identities of IoT devices (or other computing devices); uniquely associating cryptographic keys with their identities; providing a trusted exchange of authenticated public keys between endpoints; arranging for the issuance of certificates; uniquely associating PKI certificates and/or attribute certificates with endpoints, communication lines, groups, etc. as needed; as well as performing other functions.
Inviter-Invitee Protocol processing is used between two IoT devices (or other endpoints) for the purpose of creating Secure Communication Lines (see the next section). The Protocol addresses the challenge of authenticating relationships between devices with cryptographic certainty (whether the devices are remote and/or local). Inviter-Invitee Processing utilizes elements of Foundational Security and employs a methodology that thwarts man-in-the-middle attacks. Completion includes acceptance of any digital agreement(s) proffered by the inviter. Inviter and Invitee Processing generates digital audit trails. This standards-based system enables non-repudiation of endpoint events and data to be adjudicated effectively by external parties.
SECURE COMMUNICATION LINES
Securing communication from an IoT device has historically been achieved from a central point to each endpoint device (a one-to-many relationship). TrustCentral could also do this; however, as compared to a typical centrally managed PKI, the Security Ecosystem adds an innovative capability by providing endpoints with the ability to authenticate paired relationships with each other through the application of TrustCentral’s patented Inviter-Invitee Protocol. Upon the successful completion of the Inviter-Invitee Protocol, a secure, persistent, authenticated communication line is established between the two endpoints. This comprehensive application creates multiple one-to-one relationships that can grow to an effectively unlimited number of such authenticated pairs. Communication lines are created on an as-needed basis.
Communication Lines are characterized by endpoints with context-specific identities that are typically governed by an end-to-end digital agreement. They are auditable, brokered, trusted relationships where such relationships/digital agreements can each stand alone, for privacy purposes, or can leverage the build-up of identity confidence levels across relationships. The Security Ecosystem’s Attribute Authority (AA) acts as a Trusted Third Party mediating service provider for users/devices in running the Inviter-Invitee Protocol used to authenticate each communication line by: (a) establishing and authenticating unique identities of IoT devices (or computing devices); (b) uniquely associating cryptographic keys with their identities and those of their invitees; (c) providing a trusted exchange of authenticated public keys between the endpoints; and (d) uniquely associating a PKI certificate with each communication line.
Communication Lines describe the authenticated relationship established between each pair of endpoints; this is not a communication protocol. Rather, it is used independently of existing network/IoT communication protocols, without conflict.
The application of communication lines permits a fundamental and beneficial change when using TLS for secure sessions between endpoints. Communication lines enhance authentication and security by advancing from the traditional principle of “Trust on First Use” (TOFU) to an improved paradigm made available by the embedded, long-lived pre-pairing of communication lines, the result being TrustCentral’s new principle of “Trusted Before First Use”.
Building on the Secure Communication Line innovation, PKI-Enforced Whitelisting of IoT devices can be achieved whereby IoT devices only talk to previously authenticated devices and no others. Non-authenticated and potentially malicious endpoints (whether IoT or not) will not have a digital certificate; therefore a PKI-Enforced Whitelisting-compliant endpoint device will not communicate with them. Thus devices become undiscoverable by random scanning (e.g., SHODAN) and security will increase. Hacking and spoofing become more difficult: no communication line, no certificate, no access.
This Anti-Spoofing architecture is supported by a certificate-based model based on authenticated communication lines. The result could be considered “whitelisting on steroids”.
A key outcome of PKI-Enforced Whitelisting is that device trust is enhanced by making adversarial intrusion more difficult.
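To make the roles described in this section, and in the Inviter-Invitee Protocol description above, concrete, here is an added example in Go. It is not TrustCentral code and does not implement the patented protocol; it is a generic Ed25519 model of the ideas the text states: an Attribute Authority that authenticates device identities, binds each to a public key, checks the invitee's signed acceptance of the inviter's digital agreement and then issues an attribute certificate for the communication line; and a device-side admission check that enforces "no communication line, no certificate, no access". The device names, the agreement text, the nonce and the certificate encoding are assumptions made for this example; audit trails, revocation and the transport session (e.g. TLS) are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// IdentityCert binds a device ID to its public key; CommLineCert is the attribute
// certificate for one line. Each carries the AA's signature over its NUL-separated payload.
type IdentityCert struct {
	DeviceID string
	PubKey   ed25519.PublicKey
	AASig    []byte
}
type CommLineCert struct{ LineID, Inviter, Invitee string; AASig []byte }
func sigPayload(parts ...string) []byte { return []byte(strings.Join(parts, "\x00")) } // IDs must not contain NUL
func (c IdentityCert) payload() []byte { return sigPayload("id", c.DeviceID, string(c.PubKey)) }
func (c CommLineCert) payload() []byte { return sigPayload("line", c.LineID, c.Inviter, c.Invitee) }
func (c CommLineCert) binds(a, b string) bool {
	return (c.Inviter == a && c.Invitee == b) || (c.Inviter == b && c.Invitee == a)
}

// AttributeAuthority is the trusted third party: it enrolls identities and issues line certificates.
type AttributeAuthority struct {
	priv     ed25519.PrivateKey
	Pub      ed25519.PublicKey
	enrolled map[string]ed25519.PublicKey
}

func NewAA() *AttributeAuthority {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &AttributeAuthority{priv, pub, map[string]ed25519.PublicKey{}}
}

func (aa *AttributeAuthority) Enroll(id string, pub ed25519.PublicKey) IdentityCert {
	aa.enrolled[id] = pub
	c := IdentityCert{DeviceID: id, PubKey: pub}
	c.AASig = ed25519.Sign(aa.priv, c.payload())
	return c
}

// Pair brokers one line once the invitee has signed, with its enrolled key, the
// invitation and the agreement the inviter proffered (the acceptance argument).
func (aa *AttributeAuthority) Pair(inviter, invitee, agreement string, acceptance []byte) (CommLineCert, error) {
	inviteePub, ok := aa.enrolled[invitee]
	if _, ok2 := aa.enrolled[inviter]; !ok || !ok2 {
		return CommLineCert{}, errors.New("both endpoints must be enrolled")
	}
	if !ed25519.Verify(inviteePub, sigPayload("accept", inviter, invitee, agreement), acceptance) {
		return CommLineCert{}, errors.New("invitee acceptance signature invalid")
	}
	c := CommLineCert{LineID: inviter + "~" + invitee, Inviter: inviter, Invitee: invitee}
	c.AASig = ed25519.Sign(aa.priv, c.payload())
	return c, nil
}

// Admit is the PKI-enforced whitelist check run by device selfID (no line, no certificate,
// no access). proof is the peer's signature over a fresh nonce, showing it holds the certified key.
func Admit(aaPub ed25519.PublicKey, selfID string, peer IdentityCert, line CommLineCert, nonce, proof []byte) error {
	switch {
	case !ed25519.Verify(aaPub, peer.payload(), peer.AASig):
		return errors.New("peer identity not certified by AA")
	case !ed25519.Verify(peer.PubKey, nonce, proof):
		return errors.New("peer does not hold the certified private key")
	case !ed25519.Verify(aaPub, line.payload(), line.AASig) || !line.binds(selfID, peer.DeviceID):
		return errors.New("no AA-certified communication line for this pair")
	}
	return nil
}

// PairingScenario pairs gateway-1 with sensor-7, then has the gateway judge three peers.
func PairingScenario() map[string]error {
	aa := NewAA()
	gwPub, _, _ := ed25519.GenerateKey(rand.Reader)   // gateway-1 (its private key is not needed here)
	sPub, sPriv, _ := ed25519.GenerateKey(rand.Reader) // sensor-7
	oPub, oPriv, _ := ed25519.GenerateKey(rand.Reader) // sensor-9: enrolled, but never paired with the gateway
	_, sCert, oCert := aa.Enroll("gateway-1", gwPub), aa.Enroll("sensor-7", sPub), aa.Enroll("sensor-9", oPub)
	agreement := "telemetry only; payload encrypted" // constructed digital agreement
	acceptance := ed25519.Sign(sPriv, sigPayload("accept", "gateway-1", "sensor-7", agreement))
	line, err := aa.Pair("gateway-1", "sensor-7", agreement, acceptance)
	if err != nil {
		panic(err)
	}
	nonce := []byte("constructed-nonce") // constructed; use a fresh random nonce per handshake
	mPub, mPriv, _ := ed25519.GenerateKey(rand.Reader)  // man-in-the-middle's own key
	forged := IdentityCert{"sensor-7", mPub, sCert.AASig} // sensor-7's certificate with the key swapped
	return map[string]error{
		"paired":     Admit(aa.Pub, "gateway-1", sCert, line, nonce, ed25519.Sign(sPriv, nonce)),
		"no-line":    Admit(aa.Pub, "gateway-1", oCert, line, nonce, ed25519.Sign(oPriv, nonce)),
		"forged-key": Admit(aa.Pub, "gateway-1", forged, line, nonce, ed25519.Sign(mPriv, nonce)),
	}
}

func main() { fmt.Println(PairingScenario()) }
```

Run with go run: the map shows nil for the paired sensor, a rejection for the enrolled-but-unpaired device, and a rejection for the certificate into which a man-in-the-middle swapped its own key, since the substituted key no longer matches the AA's signature. The device refuses before any session is opened, which is the "Trusted Before First Use" property described above; what TLS then adds is confidentiality for the session itself.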
SECURE IoT DEVICE GROUPS
IoT devices may be grouped into different groups and subgroups based on predetermined criteria. This can provide unique stratifications for the security and management of devices. Each group membership is established through the respective attribute certificates of the respective devices, which may include associated rules for group membership in the attribute certificate. Device group management provides more than one layer of security by permitting communication only between designated groups and/or subgroups. Also, the use of rules associated with communication lines and/or groups may further direct the handling of information for data privacy, for example, by including a requirement for encryption of data, or by directing which devices/endpoints may or may not receive specified data. This technology may address the granularity of communication and data security requirements in such use cases.
In one example, a “group” could include all of the IoT devices in a single vehicle and a subgroup might encompass the rear sensors. As another example, authenticated personnel could be assigned to a “Maintenance Group” with that group’s membership manageable in real time (any Maintenance Group member could be trusted by a vehicle’s IoT devices, with that trust being confirmed by the “trusted” group attribute). Other examples of possible groups are: the traffic lights in a city; all of the vehicles of a single OEM; a city’s fire engines; a defined group of roadway sensors; etc.
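The group and rule mechanism described above, as an added Go example that is not TrustCentral code: it models a device's group-membership attribute certificate (taken here as already verified against the AA's signature) and a rules file that permits traffic only between designated groups or subgroups, requires encryption for some data classes, and denies specific data to a specific subgroup, with deny rules winning over allow rules. The group names, data classes, rules-file format and JSON contents are all constructed for the example; verification of the signature on the rules file is assumed to happen before it is loaded.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// GroupCert is one device's group-membership attribute certificate, as seen after
// its AA signature has been verified (signature checking is assumed done upstream).
type GroupCert struct {
	DeviceID string
	Groups   []string // hierarchical: "vehicle-42/rear-sensors" is a subgroup of "vehicle-42"
}
// Rule is one entry of the rules file; Policy is the whole file. Deny rules win over allow rules.
type Rule struct {
	From    string   `json:"from"`    // sender group, or "*"
	To      string   `json:"to"`      // receiver group, or "*"
	Data    []string `json:"data"`    // data classes covered, or ["*"]
	Encrypt bool     `json:"encrypt"` // allow rules only: payload must be encrypted
}
type Policy struct {
	Allow []Rule `json:"allow"`
	Deny  []Rule `json:"deny"`
}

// inGroup reports whether c is in group g or in any of g's subgroups.
func inGroup(c GroupCert, g string) bool {
	if g == "*" {
		return true
	}
	for _, have := range c.Groups {
		if have == g || strings.HasPrefix(have, g+"/") {
			return true
		}
	}
	return false
}

func (r Rule) matches(from, to GroupCert, data string) bool {
	if !inGroup(from, r.From) || !inGroup(to, r.To) {
		return false
	}
	for _, d := range r.Data {
		if d == data || d == "*" {
			return true
		}
	}
	return false
}

// Decide answers whether `from` may send data of class `data` to `to` under the
// policy, given whether the payload is encrypted, and explains the outcome.
func (p Policy) Decide(from, to GroupCert, data string, encrypted bool) (bool, string) {
	for _, r := range p.Deny {
		if r.matches(from, to, data) {
			return false, fmt.Sprintf("denied: %s may not receive %s", r.To, data)
		}
	}
	for _, r := range p.Allow {
		if !r.matches(from, to, data) {
			continue
		}
		if r.Encrypt && !encrypted {
			return false, fmt.Sprintf("denied: %s->%s requires encryption", r.From, r.To)
		}
		return true, fmt.Sprintf("allowed by %s->%s", r.From, r.To)
	}
	return false, "denied: no rule permits this communication"
}

// rulesJSON is a constructed rules file for the vehicle example in the text.
const rulesJSON = `{
 "allow": [
  {"from": "vehicle-42/rear-sensors", "to": "vehicle-42/ecu", "data": ["telemetry"]},
  {"from": "maintenance", "to": "vehicle-42", "data": ["diagnostics", "firmware"], "encrypt": true},
  {"from": "city/traffic-lights", "to": "vehicle-42", "data": ["signal-phase"]}
 ],
 "deny": [{"from": "*", "to": "vehicle-42/infotainment", "data": ["firmware"]}]
}`

// GroupScenario evaluates requests under the policy; Maintenance Group membership
// is changed part-way through to show real-time group management.
func GroupScenario() map[string]bool {
	var p Policy
	if err := json.Unmarshal([]byte(rulesJSON), &p); err != nil {
		panic(err)
	}
	rear := GroupCert{"rear-sensor-3", []string{"vehicle-42/rear-sensors"}}
	ecu := GroupCert{"ecu-1", []string{"vehicle-42/ecu"}}
	headUnit := GroupCert{"head-unit", []string{"vehicle-42/infotainment"}}
	tech := GroupCert{"tech-laptop-9", []string{"maintenance"}}
	out := map[string]bool{}
	out["sensor->ecu telemetry"], _ = p.Decide(rear, ecu, "telemetry", false)
	out["tech->ecu firmware plaintext"], _ = p.Decide(tech, ecu, "firmware", false)
	out["tech->ecu firmware encrypted"], _ = p.Decide(tech, ecu, "firmware", true)
	out["tech->head-unit firmware"], _ = p.Decide(tech, headUnit, "firmware", true) // deny wins
	tech.Groups = nil // technician removed from the Maintenance Group in real time
	out["ex-tech->ecu firmware encrypted"], _ = p.Decide(tech, ecu, "firmware", true)
	return out
}

func main() { fmt.Println(GroupScenario()) }
```

The subgroup handling is the part worth noting: a rule naming "vehicle-42" covers "vehicle-42/ecu" and "vehicle-42/rear-sensors", so one rule for the Maintenance Group reaches every subgroup in the vehicle, while the explicit deny for the infotainment subgroup still holds. Removing the technician's group membership changes the decision immediately, which is the real-time group management the text describes.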
TRUSTWORTHINESS AND REPUTATION
Through the use of secure communication lines to establish relationships between known endpoints, trust and reputation become usable as reliable factors. Performance metrics of established communication lines affect the reputation of the participating endpoints. The reputation of devices and of users depends upon perceived device robustness (which may change during the life-cycle of a given instance of a device), payment timeliness, and service performance timeliness, completeness, accuracy and other factors. The measurement of endpoint reputation is critical for many reasons, not the least of which is that reputation is the glue that securely binds blockchain and IoT.
The Security Ecosystem can be extended across multiple enterprise and/or government entities. To support this there will be more than one PKI in use (which means more than one certification authority issuing PKI certificates). The extension of IoT Device, IoT Device Group and other endpoint trust relationships will require coordination between PKIs. These PKIs will each incorporate a TrustCentral proprietary Attribute Authority (AA). The AA will coordinate and cross-certify Secure Communication Lines, Secure Groups and other Security Ecosystem proprietary relationships, thus extending device and group trust from one PKI to another. [This process becomes involved for the automotive use case; see Autonomous Vehicles & V2X].
TRUSTCENTRAL SOLUTION PLATFORM
These described components encompass the Security Ecosystem Platform with the addition of one vital element: TrustCentral’s proprietary Attribute Authority (AA). This Attribute Authority allows the Security Ecosystem Platform to use the PKI and PMI in innovative ways. For example, the AA acts as the trusted third party to facilitate and authenticate the secure exchange of public keys between endpoints. The AA also acts as the trusted third party during the Inviter-Invitee Protocol that is used to authenticate and establish persistent, secure relationships between endpoints. It is the AA (coordinating each of the PKIs of multiple Security Ecosystems) that causes device trust to be fully extended through cross-certification.
All of these capabilities are made available for external use and management through the TrustCentral API (refer to the API page on this site).