default banner

There are two threats to consider when it comes to the identity of connected devices:

  • Impersonation or identity theft: connecting a corrupt device in a fleet of devices could distort or, worse, destroy the infrastructure.
  • Counterfeits in the device fleet: this would mean a loss of value for the manufacturer.

 To counter these threats, the users of the system must be identifiable, whether they are people or devices.

 

Identity Access Management and biometric solutions for the digital identity and security of individuals

Several efficient tools already exist in Identity Access Management (IAM). Multi-factor-authentication and biometric solutions are now widely used to verify people’s identity. These solutions focus on data privacy and provide data access authorization or privilege management. Secure-IC offers solutions that focus on device identity authentication. This approach is more complex, more reliable and unfortunately not yet widespread enough.

 

Secure-IC’s solutions for trusted digital identities for connected devices

IdentityThere are some unreliable solutions to authenticate a device, using a static IP address or the Bluetooth module ID for instance. The problem is that this identity is accessible to anyone, and since it is stored, it remains easily traceable.

Secure-IC offers 2 solutions to guarantee a secure and reliable authentication of devices:

Symmetric & Asymmetric Cryptography

  • Symmetric cryptography: the server sends a message to the device, the device performs a cryptographic calculation on the message and sends it back to the server. The server validates that this is the expected response, and that it is a trustworthy device.
  • Asymmetric cryptography: the device has a pair of keys, a public key (which can be shared) and a private key (which must remain secret). During the manufacturing process, the public key is signed by the manufacturer, which generates a certificate that guarantees the trustworthiness of the environment. When needed, the server sends a message to the device which will answer signing with its private key and joining the certificate. Then the server verifies that the certificate is trustworthy and checks the signature of the message (thanks to the private key) to authenticate the device.

PUF (Physically Unclonable Function)

  • The inherent properties of the device are characterized in order to extract a unique and unclonable fingerprint. This fingerprint is not stored anywhere. Indeed, when the device is tested, the fingerprint is generated and the response is compared to the expected response.

 

Those 2 solutions can be implemented in our iSE: they enable to store an identifier for the device in a highly secured way thanks to the robust insulation of the secure element. 

 

Zero-trust approach & end-to-end security as a response to an attacker that is getting stronger

Future IoT devices will be the target of increasingly sophisticated threats. Indeed, the level of security offered by current cryptography will no longer be sufficient to counter the performance of the quantum computer. Secure-IC’s R&D teams have already developed post-quantum cryptography solutions. For the cloud, the service called Digital Authority (one of the 4 services provided with SecuryzrTM Server) guarantees the identity of the device that tries to connect to SecuryzrTM Server. The identity is also managed in the cloud with the HSM (Hardware Security Module), a real vault to store cryptograms.

In the future, we will need to work on solutions offering authorization of devices and device fleet management as a service. The more interconnected devices there will be, the more real this need will be, in order to make easier for the manufacturer the management of a fleet of devices and, for the end user, the use of the device.

Contact