About Securing the IoT Environment

Why IoT Security Is Required

The IoT environment has various things connected by the internet, enabling convenient user experience. Subsequently, businesses in various industries are utilizing interconnected devices to increase business efficiency. However, concerns of privacy violation such as information regarding user location and access records continue to rise, and incidents of IoT devices being abused are incrementally surfacing. In order to decrease such risk factors, IoT devices must be safely authenticated and managed, data in devices and in transit be encrypted, and message integrity be guaranteed.

Security Threats in IoT Environments

The following list are examples of security threat cases that have already occurred, or are expected to occur in the near future.

1) Violation of privacy
– A user’s privacy being exposed without their knowing via illegal approach to IoT devices with embedded cameras such as Smart TVs
– Vehicle locations externally transmitted from internally installed IoT devices
2) Invasion of Information Communication Networks
– Hacking of IoT devices in homes that have functions of automatic temperature control with absence of people, to check absence prior to trespassing
3) Destructive measures using IoT
– Cause wheel malfunctioning of moving vehicle or stopping of engine
– Induce malfunctioning of intelligent insulin pumps or pacemakers
4) DDoS attacks using IoT devices
– Abuse weakness in IoT protocol to use IoT applied microwaves and driers in DDoS attacks (Using IoT devices in DDoS attacks)
– Exhaust system resources by repeatedly sending fake requests (DDoS attacks on system itself)
5) Spreading of malicious programs
– IoT devices or networks infected with malicious program used in sending out spam email and SMS
6) Threats to information facilities such as smart power grids
– Gain control of primary shut-off valve by hacking power grid to manipulate and destroy devices used in grids
– Attacker poses as sensor and transmits false data to traffic management system, or controls major infrastructures such as traffic lights

What are the important security elements in an IOT environment?

As the number of devices connected to the IoT environment grows, IoT devices, people, and third parties must establish a reliable IoT security environment. IoT security can be roughly divided into 4 categories according to the configuration of IoT system.

  • Device security to gather information from user area
  • IoT gateway security to gather information and send it to the server
  • Server security to protect servers that process collected information
  • IoT infrastructure security that underpins all of these systems

Why is PKI suitable for IoT security?

For a safe IoT environment, IoT devices must be safely authenticated and managed, data in devices and in transit be encrypted, and message integrity be guaranteed. Various technologies can be used to meet the security requirements above, among which PKI technology is the most powerful of all.
PKI (Public Key Infrastructure) utilizes Certificates issued from CAs (Certificate Authority) which include a public key and a private key, and allows for private communication within a network. PKI provides the following functions.

  • Device Authentication
    • Authenticate using certificates within devices
    • Possess high safety level and concrete device identification function
  • Data Encryption
    • Only authorized devices/users can view data using encryption techniques
    • Utilize lightweight algorithms optimized for IoT environments
  • Guarantee message integrity
    • Block access and prevent change of data by unauthorized third parties

About AuthentiCA

What is AuthentiCA

AuthentiCA is a cloud-based security service in IoT environments (such as Smart Car, Smart Factory, Smart Energy, Smart Home, etc) with no additional infrastructure configuration.

  • Simple Certification

AuthentiCA is a cloud-based service requiring no additional infrastructure configuration. Certificates are created through a simple process, and managed via a user console accessible from all places.

  • Diversion Application

AuthentiCA provides certificates (X.509, IEEE 1609.2, ISO 15118) that can be used in various industries such as Smart Home, Smart Energy, Smart Factory, and Smart Car.

  • Comprehensive Security

AuthentiCA is a PKI-based IoT security service that securely authenticates IoT devices, encrypts sensitive data, and ensures message integrity during transmission.

What is CA(Certificate Authority)

CA (Certificate Authority) is an authority that issues and manages certificates. As it verifies user ID, and signs certificates to prevent certificate forgery and manipulation, it plays a similar role as government agencies that check and handle traveller passports.

What are Certificates

Certificates are electronic files used for unique identification of user or device using the internet. It can be regarded as passports for internet users as it identifies certificate owners and provides important information.

How are certificates used in IoT environments?

  • Authentication

Certificates for device authentication can be issued prior to connecting devices to the internet. Furthermore, device authentication can be carried out during service and transmission.

  • Encryption

User privacy can be violated when data is hacked during data transmission from device to server. Accordingly, data encryption with certificates becomes mandatory in order to protect sensitive data.

Why provide Cloud-based certificates?

Deploying a private certificate authority requires high costs. Despite the importance of security, such high costs are difficult to be overlooked. The management of certificates is also demanding as it calls for an internal security expert, and the need for developing certificate integration modules. All the above difficulties can be resolved by utilizing the Cloud CA platform. The Cloud CA platform offers a simple and low cost certificate issuance & management service available for all types of users.

What environments can AuthentiCA be used in?

Security environments for Smart Factory, Smart Home, and Smart Energy can be created using the X.509 certificate provided by AuthentiCA. Likewise, Smart Car specific certificates are available for securing Smart Cars. Moreover, SSL/TLS Server certificates can be utilized in securing sessions between server and client.

Tutorials

How to Get Started with AuthentiCA User Console

Go to https://console.authentica.cloud/login/register and press the create an account button. Don’t worry about the prices . Currently, we issue free certificates for 90 days.

You’ll receive an e-mail in your inbox asking for confirmation of the account. Don’t forget to click the link!

How to Issue Domain & Device's Certificates

Step 1: Create Domain

A domain is the field of the certificate you want to use. We basically support certificates used by smart cars (IEEE 1609.2, ISO 15118), smart factories (x.509), and smart homes (x.509). You choose the field you want to issue.

Step 2: Enter Domain Name

After selecting the domain, you need to enter the domain name. This name can not be changed later, and the domain name that was used once can not be used again. Be careful when you first create it.

Step 3: Download the Domain’s Certificate

If the domain is successfully created, you can check the domain created in the user console. You can download the domain certificate from the certificate list page.

Step 4 : Issue certificate for device

To get device certificates, click the device certificate issuance button in the domain.

Revoke certificate

A certificate in use can be revoked. A revoked certificate may not be used again.

Temporarily disabled certificate validity (HOLD)

A certificate in use can be disabled temporarily in the certificate detail information page. Temporarily disabled certificates may be re-used after the activation button.

* This function will be supported in 2018

Activating disabled certificates (ACTIVATION)

Disabled certificates may be re-used after the activation button in the certificate detail information page. The expiration date does not get extended.

* This function will be supported in 2018

Re-issue certificate

To re-issue a certificate changing only the key, a certificate with new keys can be downloaded after the re-issue certificate button. The expiration date does not get extended.

* This function will be supported in 2018

Renew certificate

AuthentiCA issues a 90 day certificate for free use. If the expiration date has less than 30 days left, it can be extended by renewing the certificate.

* This function will be supported in 2018

Terms

What is X.509?

In cryptography, X.509 is a standard that defines the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for web browsing. They’re also used in offline applications, like electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, the certificate holder can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.

Besides the format for certificates themselves, X.509 specifies certificate revocation lists as a means to distribute information on certificates that are no longer valid, and a certification path validation algorithm, which allows for certificates to be signed by intermediate CA certificates, which are in turn signed by other certificates, eventually reaching a trust anchor.

X.509 is defined by the International Telecommunications Union’s Standardization sector (ITU-T), and is based on ASN.1, another ITU-T standard.

Form Wiki

Structure of X.509 certificate

The structure of an X.509 v3 digital certificate is as follows:
* Certificate
* Version Number
* Serial Number
* Signature Algorithm ID
* Issuer Name
* Validity period
* Not Before
* Not After
* Subject name
* Subject Public Key Info
* Public Key Algorithm
* Subject Public Key
* Issuer Unique Identifier (optional)
* Subject Unique Identifier (optional)
* Extensions (optional)
* …
* Certificate Signature Algorithm
* Certificate Signature

What is IEEE 1609.2?

IEEE 1609.2 is a security standard to be complied with communication between vehicles and with external systems. IEEE 1609.2 ensures secure communication based on certificates using digital signatures and encryption technology.

OBE (On-Board Equipment)

OBE (On-Board Equipment), or OBU (On-Board Unit), is a device installed in vehicles to assist information exchange between interfaces of slave devices.

RSE (Road-Side Equipment)

RSE (Road-Side Equipment) is an equipment installed on roads for communication with vehicle terminals in operation and data exchange.