IoT Device Security for Smart Cities

Team Organizations: Device Authority, Gemalto, Joint Venture Silicon Valley
Team Leaders: Damon Kachur
Participating Municipalities: Silicon Valley
Status: Ready for Public Announcement
Document: None

Description

Objectives

  • Use of PKI to mutually authenticate IoT devices to networks & gateways
  • Secure provisioning, registration and production PKI certificates
  • Life-Cycle Management of IoT Device certificates

Challenges

  • Communities are realizing that the size and scale of IoT devices within their networks is challenging to manage.
  • Botnet and DDoS attacks are threats to a healthy ecosystem. How can communities be secure from these threats?

Solutions

  • Gather requirements and training needs from the City of Rohnert Park. We are planning to kick off this project by inviting all stakeholders from the city, as well as a few residents, and seeking their input on what the training needs are.
  • Create the scope of the workshop/tutorials, the requirements, and the project plan
  • Develop the syllabus of the workshop based on the requirements gathering
  • Recruit instructors (within SSU) and TAs (students) for teaching and lab exercises.
  • Create tutorials and lab documentation.

Major Requirements

  • Creation of an IoT Framework and security architecture
  • Creation of standards that can be shared across a city and/or county
  • Use of trusted third-party PKI services that include private CAs and certificates for IoT devices and servers
  • Life-cycle management for IoT devices and servers
  • Ecosystem management and administration

Performance Targets

Key Performance Indicators (KPIs): By using PKI to perform mutual authentication of an IoT device to a cloud or network, the project will reduce the risk of a community's IoT connected devices being subject to a botnet or DDoS attack by 50%.

Measurement Methods: Performing proactive pen-testing of an IoT network can prove the reduction of vulnerable devices across that network.

Standards, Replicability, Scalability, and Sustainability

The security framework that is established by a city/community will be the foundation for many years to come. The cable industry has been doing this since the early 2000s and was able to stop pirated cable. The WiMAX Forum provided spectrum to over 200 countries in the world, with only authenticated devices being used on these networks, with standards-based PKI. The global aviation community is adopting a PKI-based standard for use around the world.

Cybersecurity and Privacy

The solution removes the risk of unknown or unwanted devices getting onto a community network, because PKI is used to perform mutual authentication of an IoT device to the correct corresponding community IoT network. If a device doesn’t have the appropriate PKI certificate issued by the community, the device will not authenticate and thus will not be allowed on a community IoT network. The use of a trusted party CA should be mandatory because a community has full knowledge and control of their PKI rather You can control that only authenticated devices are being allowed onto your networks.
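
The acceptance rule described above, as an added example that is not part of the original page or of any project code: a private community CA issues a device certificate, and a gateway-style chain check accepts that device and rejects a self-signed one. It shows only the certificate-chain decision (a real gateway makes it inside the TLS handshake and also checks revocation); the CA name, the device names and the use of the `openssl` command-line tool are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: the CA name and device names below are made up.
# Requires the openssl command-line tool.
WORK=$(mktemp -d)

# Create the community's private root CA (key + self-signed certificate).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Community IoT CA (demo)" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Provision a device: generate its key and CSR, then sign with the community CA.
issue_device_cert() {  # $1 = device name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -days 7 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/$1.pem" 2>/dev/null
}

# An unknown device: it holds a certificate, but not one issued by the community CA.
make_rogue_cert() {  # $1 = device name
  openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Gateway decision: trust ONLY the community CA, never the system trust store.
# Returns 0 when the device certificate chains to that CA, non-zero otherwise.
gateway_accepts() {  # $1 = device name
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

make_ca && issue_device_cert sensor-001 && make_rogue_cert rogue-device
for dev in sensor-001 rogue-device; do
  if gateway_accepts "$dev"; then
    echo "$dev: authenticated, allowed on the community IoT network"
  else
    echo "$dev: certificate not issued by the community CA, rejected"
  fi
done
```
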

Impacts

This solution will provide a layer of security around IoT connected devices and networks. It will contribute to the overall health and safety of the entire community. With more and more community dependencies on connected devices, the proper security framework and ongoing support are critical to the health and safety of a community.

Demonstration/Deployment

Comodo CA and our partners would be happy to put together a POC with GCTC to prove out the functionality of mutual authentication of IoT devices and servers during an encrypted session within a private ecosystem. We would also demonstrate the provisioning and life-cycle management functionality of the service.