Kigen Open IoT SAFE initiative simplifies secure IoT communication

iot communication

As IoT becomes a massive market composed of billions of connections securing it involves an enormous and continuously growing threat surface and raised stakes. Consequences extend far beyond initial breaches to what is done with stolen data and the reputational damage that is caused.

Research by security specialist, Kaspersky, has uncovered that more than 1.5 billion attacks have occurred against IoT devices in the first six months of 2021. The firm’s telemetry data, which it draws from its honeypots that collect attack information, has shown that cyberattacks on IoT devices have increased by more than 100% since the previous half-year[1]. The IoT industry is trying to be proactive and put security in place from the very start of deployments because it is well understood that the promise of IoT won’t be achieved if trust is lost. IoT relies on users putting their data, hardware and processes in its hands in order to provide improved experiences, greater revenue and enhanced efficiency. If it is perceived as insecure, adoption will be slower and more cautious, with innovation correspondingly delayed.

“It is vital for the trustworthiness of the Internet of Things (IoT) that we take a secure-by-design approach by properly protecting and processing the credentials used to secure data exchange between the IoT device and the cloud,” Ian Pannell, the chief engineer at GSMA, has said. “Otherwise, enterprises will not be able to rely on the quality, accuracy or integrity of the data being collected, rendering it useless or even worse, dangerous.”

Alongside secure by design principles, one of the most important IoT security initiatives is improvements to the security of the connected device. Harnessing the security inherent in the secure element is an obvious answer, as is utilising the capabilities of the SIM, as it is mandated for achieving best in class authentication to the cellular networks.. However, all the while the SIM was a removable component, an IoT device manufacturer or deployer couldn’t rely on it being able to support additional features to achieve securing their IoT network and communications from the device to the IoT data aggregator or manager.

The arrival of the embedded SIM (eSIM) and integrated SIM (iSIM) solved this dependency by allowing additional security to be included and enabled in the SIM and then manufactured as a permanent fixed capability of the device for its life. This then ensures it is secure in operation once it automatically configures the connection at the point of deployment.

The IoT SAFE (IoT SIM Applet For Secure End-to-End Communication) has been developed by the mobile industry at GSMA to provide a common mechanism to secure IoT data communications, offering a repeatable and scalable approach on all types of SIM for original equipment manufacturers (OEMs). IoT SAFE uses the SIM as a miniature crypto-safe inside the device to securely establish a datagram transport layer security (D)TLS session with a corresponding application cloud or server. It provides a common application programme interface (API) for the SIM  to be used as a root of trust by IoT devices and, in this way, can address the security challenge of provisioning millions of devices. The applet enables IoT devices to compute shared secrets and keep long-term keys secret and supports provisioning and credential management from a remote IoT security service.

However, improvements are needed in ease of deployment to encourage adoption of IoT SAFE. To achieve this, Kigen has created the Open IoT SAFE initiative by combining GSMA IoT SAFE with the IETF’s (Internet Engineering Task Force) Enrolment over Secure Transport publication (RFC 7030). This brings together two important principles:

  1. The use of the standard DTLS-secured IP channel, with the credentials securely injected into the device at the point of manufacture.  This is used to establish a secure interface, over a device’s connectivity, to communicate with the cloud’s on-boarding service.
  2. The use of on-board key generation directly inside the device which remain in the secure, tamper-resistant element.

These principles eliminate complexity and effort by each party that wants to use the service and ensure that any device should be able to exchange any data across any network and securely exchange that data with a given enterprise on any cloud.

Security adoption stands or falls on the ease with which it can be deployed, managed and updated. Kigen’s Open IoT SAFE initiative offers simple, unified zero touch provisioning. This lowers the barriers to access hardware-based security for more effectively protecting credentials, with the use of open systems based on standards that do not demand complex integration. In addition, the initiative treats enterprise security credentials with the same level of protection as mobile network authentication credentials, bringing communications industry grade security to IoT.

[1] https://www.techdigest.tv/2021/09/iot-cyber-attacks-double-in-first-half-of-2021.html

RECENT ARTICLES

Building an intelligent IoT with edge fabric

Posted on: August 18, 2022

As the popularity of Edge technology and smart devices increases, we see that there is no bar when it comes to the quantity of data that companies can use to improve their decision-making process. Contrary to this opportunity, many organisations still limit the quality, variety, and extent of data that they can make use of

Read more

MQTT X CLI makes its debut executing MQTT operations has never been easier

Posted on: August 18, 2022

Morgan Hill, CA – EMQ, a global provider of open-source IoT data infrastructure solutions, this week announced the release of MQTT X v1.8.0 to the general public. This release carries significant improvements and strives to enable IoT developers to execute MQTT operations easily and quickly. Additionally, MQTT X v1.8.0 introduces two powerful tools aimed to

Read more
FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox