Key Orchestration: Identity, Credential, and Access Management (ICAM) for the IoT World

October 03, 2018 / by Chuck White

When we looked at the problems we were trying to solve with Key Orchestration, the Internet of Things (IoT) and the Internet of Everything (IoE) were always part of the grand vision of Orchestration. As more and more systems break down the concepts of perimeters and layers, the realities of those changes need to be addressed:

  1. Security infrastructure has changed in the past three years as IoT concepts have become IoT realities.
  2. The building blocks of technical solutions have transformed. What was once just layers became layers plus cloud, and is now cloud, IoE, and local (edge) data processing.
  3. Interoperability matters from the beginning of a solution. With changes coming quickly, consistent interfaces make it possible to build solutions that stay consistent.

Across the myriad of technologies coming together to make up IoT/IoE, one thing is consistent: authentication of a component and authorization to content have become an exercise in applied key management.

Consider this: Zigbee, LoRa, MQTT, and 5G each have their own protocol and message format, yet all of them rely on how keys are provisioned to determine whether devices can communicate, and what they are allowed to do once they do.


The applications that use those devices range from smart locks and car ECUs to sensors on critical infrastructure. To have everything work together, vendors are struggling to make key management make sense across these very different systems.

With Fornetix Key Orchestration, we are working with companies like Micron, Averos, and Penteon to address cryptography-based identity, credentialing, and authorization to orchestrate IoT operations with encryption key management.

How does this work? It’s more than just having key management and cryptography APIs. It’s intentional design and execution on the following concepts:

Interoperability – The story begins with interoperability: bringing the application to the technology where the technology already is. It’s not the whole story, but it is where the story starts. Being able to integrate rapidly because of standards like KMIP (for key management) and Common Event Format (for logging) lets IoT solutions start from something consistent for their key storage and SIEM components.
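To make the interoperability point concrete, here is an added example (not Fornetix code and not from the original post) of the TTLV wire encoding that KMIP uses: a Get request for a key by Unique Identifier is built with a small encoder and read back with a bounds-checked parser. The tag, item-type and operation constants are taken from the KMIP 1.x specification; the identifier value and the function names are assumptions made for the example.

```python
"""Minimal KMIP TTLV (Tag-Type-Length-Value) encoder/parser.

Added example: tag and type values are from the KMIP 1.x specification;
the request contents (identifier string, protocol version) are constructed
for illustration.
"""
import struct

# Item types (KMIP "Item Type" values); only the ones this example needs.
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING = 0x01, 0x02, 0x05, 0x07

# Tags used here (KMIP "Tag" values; every KMIP tag begins with 0x42).
TAG = {
    "RequestMessage": 0x420078,
    "RequestHeader": 0x420077,
    "ProtocolVersion": 0x420069,
    "ProtocolVersionMajor": 0x42006A,
    "ProtocolVersionMinor": 0x42006B,
    "BatchCount": 0x42000D,
    "BatchItem": 0x42000F,
    "Operation": 0x42005C,
    "RequestPayload": 0x420079,
    "UniqueIdentifier": 0x420094,
}
OPERATION_GET = 0x0000000A  # KMIP Operation enumeration: Get


def _pad8(b: bytes) -> bytes:
    """Values are padded with zero bytes to a multiple of 8 on the wire."""
    return b + b"\x00" * (-len(b) % 8)


def ttlv(tag: int, item_type: int, value) -> bytes:
    """Encode one item. Length field counts the unpadded value bytes."""
    if item_type == STRUCTURE:
        body = b"".join(value)            # children are already encoded
    elif item_type in (INTEGER, ENUMERATION):
        body = struct.pack(">I", value)   # 4-byte big-endian, padded to 8
    elif item_type == TEXT_STRING:
        body = value.encode("utf-8")
    else:
        raise ValueError(f"unsupported item type 0x{item_type:02x}")
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(body))
    return header + _pad8(body)


def parse(buf: bytes, offset: int = 0, end: int = None) -> list:
    """Decode a sequence of items into (tag, type, value) tuples.

    Every item's declared length is checked against the buffer so a truncated
    or length-lying message raises instead of reading past the end.
    """
    end = len(buf) if end is None else end
    items = []
    while offset < end:
        if offset + 8 > end:
            raise ValueError("truncated TTLV header")
        tag = int.from_bytes(buf[offset:offset + 3], "big")
        item_type = buf[offset + 3]
        length = struct.unpack(">I", buf[offset + 4:offset + 8])[0]
        start = offset + 8
        if start + length > end:
            raise ValueError("truncated TTLV item")
        raw = buf[start:start + length]
        if item_type == STRUCTURE:
            value = parse(buf, start, start + length)
        elif item_type in (INTEGER, ENUMERATION):
            value = struct.unpack(">I", raw)[0]
        elif item_type == TEXT_STRING:
            value = raw.decode("utf-8")
        else:
            raise ValueError(f"unsupported item type 0x{item_type:02x}")
        items.append((tag, item_type, value))
        offset = start + length + (-length % 8)   # skip the value and its padding
    return items


def find(items: list, tag: int):
    """Depth-first lookup of the first value carrying `tag`."""
    for t, ty, v in items:
        if t == tag:
            return v
        if ty == STRUCTURE:
            hit = find(v, tag)
            if hit is not None:
                return hit
    return None


def build_get_request(unique_identifier: str, major: int = 1, minor: int = 0) -> bytes:
    """Request Message with one batch item: Get <unique_identifier>."""
    header = ttlv(TAG["RequestHeader"], STRUCTURE, [
        ttlv(TAG["ProtocolVersion"], STRUCTURE, [
            ttlv(TAG["ProtocolVersionMajor"], INTEGER, major),
            ttlv(TAG["ProtocolVersionMinor"], INTEGER, minor),
        ]),
        ttlv(TAG["BatchCount"], INTEGER, 1),
    ])
    item = ttlv(TAG["BatchItem"], STRUCTURE, [
        ttlv(TAG["Operation"], ENUMERATION, OPERATION_GET),
        ttlv(TAG["RequestPayload"], STRUCTURE, [
            ttlv(TAG["UniqueIdentifier"], TEXT_STRING, unique_identifier),
        ]),
    ])
    return ttlv(TAG["RequestMessage"], STRUCTURE, [header, item])


if __name__ == "__main__":
    req = build_get_request("example-key-0001")   # constructed identifier
    print(req.hex())
    print(find(parse(req), TAG["UniqueIdentifier"]))
```

The same encoder handles any KMIP operation once the tags for its payload are added, which is the practical meaning of "consistent interfaces": a device, gateway or key manager that speaks TTLV does not need a vendor-specific parser per peer.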

Extensibility – Where the story is and where it is going: being able to address realities like new protocols, inconsistent APIs, and new system architectures. Technology that works immediately because of interoperability is good, but capability (APIs, automation, and controls) that encourages extension to new applications is better, and it gives IoT consumers options to address the next pillar of security.

Security, Resiliency, and Controls – We need to acknowledge the reality that at the IoT/IoE edge, authentication and authorization happen at credential creation, as pre-shared keys for Zigbee and LoRaWAN, and that integrity is anchored in math: applied cryptography for things like Micron Authenta and Intel SGX. We build policy and structure to align what the device needs with the crypto available, giving users of IoT structure and consistency in how they protect their technology in the wild.

Scalability – This is the 800-pound gorilla in the room. All of this has to happen for hundreds of thousands of devices. Things like fine-grained policy and position-defined mandatory access controls are good for traditional data-at-rest applications, but they are essential for IoT. If an IoT device's identity and authorization come down to the use of encryption keys on a given network, then how and when those keys are provisioned becomes absolutely critical, especially when it is one device among millions.
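Pre-shared keys at the scale described above raise a practical question: how does a key manager give every device its own key without keeping a database of millions of secrets, and how does a device then prove it holds that key? The following is an added example, not Fornetix code and not from the original post, of one standard approach: derive each device's keys from a master key with HKDF (RFC 5869) keyed on the device identifier and the key's purpose, and use the derived "auth" key in a challenge-response so the device never transmits the key itself. The master key, salt, device identifiers and purpose labels are constructed for the example.

```python
"""Per-device key derivation ("key diversification") plus challenge-response.

Added example. The key manager stores only a master key; every device's keys
are recomputed on demand from the device identifier and the key's purpose.
Master key, salt, device IDs and purpose labels below are constructed values.
"""
import hashlib
import hmac
import os

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 expand step; T(i) = HMAC(PRK, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


class KeyManager:
    """Holds only the master-derived PRK; no per-device key storage."""

    def __init__(self, master_key: bytes, salt: bytes):
        self._prk = hkdf_extract(salt, master_key)

    def device_key(self, device_id: str, purpose: str) -> bytes:
        # The purpose label is bound into the derivation so the key used to
        # authenticate a device is distinct from the key that protects its
        # payloads; compromise of one does not yield the other.
        return hkdf_expand(self._prk, f"{purpose}|{device_id}".encode())


def provision(km: KeyManager, device_id: str) -> tuple:
    """What is written into the device at manufacture/enrolment time."""
    return km.device_key(device_id, "auth"), km.device_key(device_id, "data")


def device_response(auth_key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Device side: MAC over its identity and the server's fresh nonce."""
    return hmac.new(auth_key, device_id.encode() + nonce, HASH).digest()


def server_verify(km: KeyManager, device_id: str, nonce: bytes, response: bytes) -> bool:
    """Server side: re-derive the device's auth key and compare in constant time."""
    expected = device_response(km.device_key(device_id, "auth"), device_id, nonce)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    km = KeyManager(os.urandom(32), b"example-salt")        # constructed master key
    auth_key, data_key = provision(km, "sensor-0001")        # constructed device ID
    nonce = os.urandom(16)                                   # server challenge
    print("auth ok:", server_verify(km, "sensor-0001", nonce,
                                    device_response(auth_key, "sensor-0001", nonce)))
    other_auth, _ = provision(km, "sensor-0002")
    print("impersonation ok:", server_verify(km, "sensor-0001", nonce,
                                             device_response(other_auth, "sensor-0001", nonce)))
```

Two things to note when applying this in a real deployment: the master key must live in an HSM or equivalent, since it derives every device key, and rotation is handled by versioning the salt or purpose label rather than by re-keying devices one at a time.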

Regarding Key Orchestration, a wise man once told me that we built a Swiss Army Knife when the world was asking for a screwdriver. If we were solely focused on where encryption key management is used today, I would agree with him. Thankfully, we built key management that can help you today and help you with what comes next. We built Key Orchestration with the future in mind, and Key Orchestration is ready and able to protect the Internet of Things.


If you'd like to learn more about Key Orchestration and how your enterprise can benefit from powerful encryption key management, we'd love to hear from you. Please click here to request a demo or request a quote and our team will reach out as soon as possible.
