How Secure are Crypto Keys on Your Connected Devices?
While the benefits of IoT are vast, the reality is that the proliferation of connected devices, systems and services that make up the IoT ecosystem has introduced risk directly into the physical world, blurring the border between virtual threats and the utilities, devices and critical infrastructure they can now reach. To protect IoT devices, many of which operate in harsh environments within physical reach of adversaries, cryptographic keys are used to secure fundamental tasks such as authenticating the device to the cloud and to other devices.
Yet, protecting keys in IoT devices is a major challenge:
IoT devices come in a great variety of shapes and form factors and are manufactured by a huge array of vendors. Using secure hardware, such as a TPM, to protect critical keys requires integrating it into the device, which is costly, slow and cumbersome. Often these are resource-constrained devices, or even brownfield equipment, that allow little if any hardware modification.
Secure provisioning of keys into IoT devices throughout the supply chain is also challenging: it requires placing dedicated teams and secure hardware at remote manufacturing sites, resulting in slower time to market and increased costs.
Provision and Manage Unique, Cryptographically Safe Credentials for Connected Devices
Unbound is the only lightweight, software-only key protection solution that gives every IoT device an embedded root of trust in which private keys can be stored with a trust level comparable to dedicated secure hardware, creating a consistent level of security across all connected devices regardless of their underlying security posture.
Based on Unbound's vHSM technology, the cryptographic key exists only as two random shares, one held on the IoT device and the other on a well-segregated central server. The shares are never combined, so it is mathematically guaranteed that the key material is never available in the clear at any point in time; an attacker would have to compromise both the device and the server to recover the key.
Unbound supports either physical or remote provisioning and can be rapidly deployed to all relevant devices, providing strong security with minimal operational hassle and a very short time to market.
Provisioning and management of crypto keys across a diverse range of IoT devices
Centralized management and tamper-proof, real-time auditing
Pure software solution: no hardware required
Eliminates bill-of-material costs and hardware modifications
Scales to any number of devices
How does it work?
In this example, HVAC controllers deployed inside a smart building have been connected to the network and communicate with a central server over the internet. The controllers do not include a dedicated Trusted Platform Module (TPM) to protect their authentication credentials, which puts them at risk of credential compromise and device impersonation. To eliminate that risk, Unbound Crypto-of-Things is installed as part of the HVAC controller software stack, from where it can be rolled out to every controller without any hardware change.
Unbound streamlines physical and/or remote provisioning of secure credentials into IoT devices, including secure remote provisioning over the internet. The private key is never exposed in the clear at any location or at any time during its lifecycle, which eases the stringent physical key security requirements that stipulate keys must not be exposed at manufacturing or commissioning facilities.