For the Internet of Things, adding security was a challenge even back when the first intelligent thermostat and traffic light started delivering automated data through a network. Now, adding security may be getting easier for IoT solution integrators. The FIDO Alliance recently released a new spec for onboarding IoT devices to the network that boasts much improved security, not to mention more simplicity and flexibility.
The FIDO Device Onboard (FDO) protocol enables installation of a physical device and setup of credentials or passwords for more secure communications with its target cloud or platform. Setting up new IoT nodes is usually done manually by a technician, a process that at least until now has proven to be time-consuming, expensive, and not always secure.
Customers report it takes on average 20 minutes to onboard an IoT device, according to Richard Kerslake, general manager, industrial controls and robots, for Intel. "It doesn't take long before you're talking years of effort" to activate all the IoT devices an organization might envision, he added during a recent webinar.
In some cases, businesses paid more for a lengthy, cumbersome installation process than they did for the actual IoT device itself. "From a resourcing or cost viewpoint, this doesn't really allow for the expansion of IoT," says Kerslake, who's also co-chair of FIDO's IoT Working Group.
Automated Installation and Activation of IoT
The security element of FDO uses encryption, specifically asymmetric public key cryptography. That process uses a pair of related keys, one public and one private, which encrypt and decrypt a message (in this case, commands to and from an IoT device ready for installation) and help protect it from unauthorized access or use. IoT gear equipped with the FDO spec will translate to highly automated installation and activation, and can be quickly handled by anyone, regardless of their level of experience, according to the alliance. The FDO spec was collaboratively developed, and the initial version is targeted at industrial and commercial applications. Developers and solution integrators can review and download the specification from the FIDO Alliance.
FDO's timing is excellent; worldwide spending on IoT equipment hit $749 billion in 2020. And though sales may have slowed due to the global pandemic, consultancy Statista forecasts that IoT sales will top $1 billion by 2024 ($1.1 billion to be exact).
End-to-End IoT Security
Incorporating end-to-end IoT security is the main short-term strategic priority for service providers and enterprise users, according to a report from Omdia. Some 64 percent of respondents cited end-to-end IoT security as their top priority, surpassing edge computing (55 percent), artificial intelligence/machine learning (50 percent), and 5G deployments (28 percent).
Kerslake adds that some IoT vendors have created devices that they claim are zero trust. Zero trust is a security approach that has come to the fore with work from home: all users, whether known to the network or not, are authenticated and continuously validated for security so they can access any networked applications or data.
With some similarity to zero trust, FDO employs an "untrusted installer" approach, where the installer doesn't need or lacks access to any sensitive infrastructure or access control information to add the device to the network. The alliance also refers to its approach as "zero touch."
The FIDO Alliance also pointed to two other limitations of current IoT wares: They tend to be proprietary solutions and are often linked to a specific cloud platform. "Businesses can decide which cloud platforms they want to onboard devices to at the point of installation, as opposed to manufacture," the alliance notes in a statement. "A single device SKU can be onboarded to any platform, thereby greatly simplifying the device supply chain."
Widespread Industry Support
This new IoT specification is rapidly garnering industry momentum. Darron Antill, CEO of Device Authority, says in a recent statement that the company will be supporting the FIDO device onboarding specification. “Originally, we worked closely with Intel SDO and adopted this approach to our IoT security platform, KeyScaler. Now that FIDO has developed a new enhanced standard, we will also be supporting FDO in our KeyScaler platform. Current and future customers will be able to leverage FDO in their IoT projects.”
And other big names in IoT are also on board with the standard. "We are thrilled to see the FIDO Alliance address such a critical piece of the IoT device lifecycle," says Sam George, vice president of IoT, for Microsoft's Azure business unit, in a recent statement. "Device onboarding through a standardized protocol like FDO simplifies device set-up by abstracting the underlying complexities of the hardware, which will accelerate the adoption of IoT."
- Watch the video, a quick look at FIDO authentication.
- Download the latest FIDO Alliance IoT specifications.
- Understand more about provisioning IoT devices, download the FDO infographic.
- Read the related article, “Ushering in a New Standard to Securely Onboard IoT Devices.”