
Article | IoT fleet: the importance of giving an identity to each connected object

October 3, 2022

According to Global Data, the IoT market could reach more than €1,000 billion by 2024, an increase of 13% compared to 2020. In light of this growth, the industry has understood the urgency of implementing security standards via regulatory bodies to limit the risks of cyber-attacks and other fraud. In this context, the identity of connected objects has become a real security issue for the IoT: it is needed to guarantee the reliability of collected data and to guide decisions.

"Giving every object an identity": what does this mean?

Identity is a concept that always has the same essence: the identity of a connected object is, therefore, what makes it unique and authentic. The IoT can collect, process and exchange data via a communication network. Thus, in a context where platforms connect objects, identifying them contributes to the success of the operation, as well as to its security. Moreover, having trustworthy data makes it possible to take better decisions without the risk of relying on data whose integrity has been compromised.

Among a fleet of devices and other connected objects with common characteristics, a connected object’s identity allows it to be distinguished from the others. Let’s make a comparison with human beings. The identity of a connected object is a sort of fingerprint that is unique to it and that allows it to be differentiated from others. This identity can be based on various technical means: serial number, cryptographic signature, one-time programmable memory, physical unclonable function (PUF), etc.

IoT fleet: why give each connected object an identity?

Making each object authentic

Firstly, giving an identity to a connected object allows it to be authenticated. This authentication process allows the human and the machine to recognise the object and place it in a zone of trust: a clearly identified and consequently authenticated object is a secure object.

If you are creating a platform or ecosystem, knowing exactly which connected object(s) communicate with you saves time and builds confidence.

In addition, identifying the connected objects in your IoT fleet serves other functions:

  • Generate cryptographic keys used to prove identity
  • Secure the storage of sensitive information
  • Ensure the confidentiality and the integrity of communications
  • Provide the means to connect to cloud services
  • Trust the devices that are connected to your service

These functions will ensure the privacy and integrity of data stored, sent, or shared by the object.

Secure the entire IoT fleet

Against hacking or any other cyberattack, giving an identity to each object makes it unique and thus makes the intrusion more complex.

If a device is compromised or its data tampered with, it is possible to blacklist it without having to update the entire fleet.

Indeed, hackers or cybercriminals will find it very difficult to launch a volumetric or DDoS (distributed denial-of-service) attack that clogs up systems and makes a server unavailable. Since each object is unique, they would have to be hacked one by one, which is too time-consuming.

Examples of use cases

In our daily lives, both in a personal and professional context, we use many connected objects, some of which manage data that determine an amount to be paid by the user.

It is the case with smart metering devices for collecting energy data remotely through smart meters and IoT sensors. In France for example, these devices, named Linky, have been widely deployed into the general population’s homes. Each meter must have an identity that makes it unique so that the supplier charges the right amount to the right person.

On the other hand, if the smart meter is undifferentiated and does not have an integrated identity (e.g., via a meter number), many errors could creep into the billing process and encourage fraud. For example, the meter could be easily replaceable and transmit consumption data far below the current consumption to reduce the bill amount.

On another level, that of Industrial Internet of Things (IIoT) data, it is crucial to establish the identity of a connected object that performs predictive maintenance. If a connected object fails or does not fulfil its role, it must be possible to identify that object within the fleet in order to intervene.

In other words, in automated or robotic production lines, it is essential to know which device has transmitted which data to which other device and thus to draw relevant information, particularly if a device is not functioning correctly.

How to give an identity to each connected object?

Today, several hardware and software solutions can give a connected device its identity.

For the hardware, it is possible to customise the following elements:

  • The key stored in a one-time programmable (OTP) memory
  • The serial number of the card/device
  • The MAC address of the network card
  • The key stored in a secure environment (SE, TEE, Virtual Secure Element, etc.)

For software, the establishment of identity can be implemented via:

  • A physical unclonable function (PUF)
  • The Active Directory Certificate Service (ADCS)
  • The key or cryptographic signature

Two elements should be taken into account to establish the identity of a connected object:

  • Provisioning consists of creating a connected object according to certain conditions, keeping it up to date, and deleting it when the needs are no longer met.
  • Identity storage revolves around authentication, user account management and security policies.

Therefore, the more securely these two elements are implemented, the less likely it is that a hacker will be able to forge the device. In this context, the installation of a VPN, i.e., the implementation of virtual private networks, is also recommended to monitor the communications of IoT systems. In a Zero Trust context, a secure channel should be established directly with the cloud platform, which requires strong device authentication.
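
The provisioning, device authentication and per-device blacklisting described above can be tied together in a few lines. This is an added example, not Quarkslab's or QShield's code: it assumes a symmetric HMAC scheme with a master secret held by the provisioning server, and the class, function and serial names are hypothetical.

```python
import hashlib
import hmac
import secrets


class FleetRegistry:  # server-side record of the fleet (hypothetical name)
    def __init__(self, master_secret: bytes):
        self._master = master_secret  # never leaves the provisioning server
        self._enrolled, self._revoked, self._pending = set(), set(), {}

    def _key(self, serial: str) -> bytes:
        # Per-device key: unique to the serial, derived from the master secret.
        return hmac.new(self._master, b"device-id:" + serial.encode(), hashlib.sha256).digest()

    def provision(self, serial: str) -> bytes:
        """Enroll the device and return the key to write into it once."""
        self._enrolled.add(serial)
        return self._key(serial)

    def challenge(self, serial: str) -> bytes:
        """Fresh nonce per attempt, so a recorded response cannot be replayed."""
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial]

    def verify(self, serial: str, response: bytes) -> bool:
        nonce = self._pending.pop(serial, None)  # each nonce is single use
        if nonce is None or serial not in self._enrolled or serial in self._revoked:
            return False
        expected = hmac.new(self._key(serial), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def revoke(self, serial: str) -> None:
        self._revoked.add(serial)  # deny one device; no other key changes


def device_response(device_key: bytes, nonce: bytes) -> bytes:
    """Computed on the device with the key held in OTP memory or a secure element."""
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    fleet = FleetRegistry(secrets.token_bytes(32))
    k1, k2 = fleet.provision("METER-0001"), fleet.provision("METER-0002")  # constructed serials
    def attempt(serial, key):
        return fleet.verify(serial, device_response(key, fleet.challenge(serial)))
    out = {"genuine": attempt("METER-0001", k1), "stolen_key_other_id": attempt("METER-0001", k2)}
    fleet.revoke("METER-0002")
    out.update(revoked=attempt("METER-0002", k2), rest_of_fleet=attempt("METER-0001", k1))
    return out
```

Calling `demo()` shows that a key taken from one meter does not authenticate as another, and that revoking one serial leaves the rest of the fleet untouched.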

Secure your IoT fleet with Quarkslab

You’ve got it: giving an identity to a connected object allows it to be authenticated and to maintain a high level of security against cyber-attacks. Therefore, you can benefit from a technological boost to identify your entire IoT fleet.

Quarkslab has created QShield to address this issue. It is a cybersecurity solution that identifies each connected object in your fleet, protecting code, keys and data using the most advanced software technologies.
