IoT Device Security for Smart Cities: Difference between revisions
Revision as of 21:49, February 10, 2022
IoT Device Security for Smart Cities | |
---|---|
Team Organizations | Device Authority Gemalto Joint Venture Silicon Valley |
Team Leaders | Damon Kachur |
Participating Municipalities | Silicon Valley |
Status | Ready for Public Announcement |
Document | None |
Description
Objectives
- Use of PKI to mutually authenticate IoT devices to networks & gateways
- Secure provisioning, registration and production PKI certificates
- Life-Cycle Management of IoT Device certificates
Challenges
- Communities are realizing that the size and scale of IoT devices within their networks are challenging to manage.
- Botnet and DDoS attacks are threats to a healthy ecosystem. How can communities be secure from these threats?
Solutions
- Gather requirements and training needs from the City of Rohnert Park. We are planning to kick off this project by inviting all stakeholders from the city, as well as a few residents, and seeking their input on what the training needs are.
- Create the scope of the workshop/tutorials, the requirements, and the project plan
- Develop the syllabus of the workshop based on the requirements gathering
- Recruit instructors (within SSU) and TAs (students) for teaching and lab exercises.
- Create tutorials and lab documentation.
Major Requirements
- Creation of an IoT Framework and security architecture
- Creation of standards that can be shared across a city and/or county
- Use of trusted third-party PKI services that include private CAs and certificates for IoT devices and servers
- Life-cycle management for IoT devices and servers
- Ecosystem management and administration
Performance Targets
Key Performance Indicators (KPIs) | Measurement Methods |
---|---|
Using PKI to perform mutual authentication of an IoT device to a cloud or network, the project will reduce the risk of a community's IoT connected devices being subject to a botnet or DDoS attack by 50% | Performing proactive pen-testing on an IoT network can prove the reduction of vulnerable devices across an IoT network. |
Standards, Replicability, Scalability, and Sustainability
The security framework that is established by a city/community will be the foundation for many years to come. The cable industry has been doing this since the early 2000s and was able to stop pirated cable. The WiMAX Forum provided spectrum to over 200 countries in the world, with only authenticated devices being used on these networks through standards-based PKI. The global aviation community is adopting a PKI-based standard for use around the world.
Cybersecurity and Privacy
The solution takes away the risk of any unknown or unwanted devices getting onto a community network, because PKI is used to perform mutual authentication of an IoT device to the correct corresponding community IoT network. If a device doesn’t have the appropriate PKI certificate issued by the community, the device will not authenticate and thus will not be allowed on a community IoT network. The use of a trusted party CA should be mandatory because a community has full knowledge and control of their PKI rather You can control that only authenticated devices are being allowed onto your networks.
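The admission rule described above can be sketched with the OpenSSL command line. This is an added example, not part of the project's own materials: the CA and device names are constructed, a gateway would apply the same chain check during the TLS handshake, and in a real deployment the device key would be generated on the device rather than beside the CA.

```shell
#!/bin/sh
# Added example: all CA and device names are constructed for illustration.

# Create a private root CA (key + self-signed certificate) in directory $1.
make_ca() {  # $1 = CA directory, $2 = CA common name
  mkdir -p "$1" || return 1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    '[dn]' 'CN=placeholder' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$1/ca.cnf"
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Issue a short-lived client-authentication certificate for one device.
issue_device_cert() {  # $1 = CA directory, $2 = device name
  printf 'extendedKeyUsage=clientAuth\n' > "$1/device.ext"
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 7 -extfile "$1/device.ext" -out "$1/$2.pem" 2>/dev/null
}

# Gateway-side decision: admit only certificates that chain to the community
# CA and are valid for TLS client use. The system trust directory is ignored.
gateway_admits() {  # $1 = community CA certificate, $2 = device certificate
  openssl verify -no-CApath -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  work=$(mktemp -d) || return 1
  make_ca "$work/community" "Community IoT CA"
  # A second CA that only reuses the community CA's name, not its key.
  make_ca "$work/lookalike" "Community IoT CA"
  issue_device_cert "$work/community" streetlight-001
  issue_device_cert "$work/lookalike" unknown-device
  for cert in "$work/community/streetlight-001.pem" \
              "$work/lookalike/unknown-device.pem"; do
    if gateway_admits "$work/community/ca.pem" "$cert"; then
      echo "ADMIT  ${cert##*/}"
    else
      echo "REJECT ${cert##*/}"
    fi
  done
  rm -rf "$work"
}
demo
```

The second CA carries the same subject name as the community CA, which shows that admission depends on the issuer's signature and not on the name printed in the certificate.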
Impacts
This solution will provide a layer of security around IoT connected devices and networks. It will contribute to the overall health and safety of the entire community. With more and more community dependencies on connected devices, the proper security framework and ongoing support are critical to the health and safety of a community.
Demonstration/Deployment
Comodo CA and our partners would be happy to put together a POC with GCTC to prove out the functionality of mutual authentication of IoT devices and servers during an encrypted session within a private ecosystem. We would also be demonstrating the provisioning and life-cycle management functionality of the service.