Given heightened concerns in recent years about the vulnerability of Internet of Things (IoT) devices to cyberattacks, some companies are taking steps to install greater confidence in the safety of such devices. To date, many IoT technologies are released from the factory with insecure default passwords, no security features at all or ones that are simple and can’t be updated. The risks are elevated when consumers use devices on insecure networks or mobile environments. The fallout from this can range from the inconvenience of a denial-of-service attack to even greater threats to lives and livelihoods.
“More connected devices mean more attack vectors and more possibilities for hackers to target us,” said Ben Dickson, TechTalks founder. “IoT security, previously ignored, has now become an issue of high concern.”
To combat this, cybersecurity provider Sectigo and semiconductor company Infineon Technologies AG have announced a partnership to provide automated digital certificates to Infineon's OPTIGA Trusted Platform Module (TPM) 2.0, a security chip that supports various encryption algorithms for devices and systems. This automated certificate provisioning is made possible by Sectigo’s IoT Identity manager, which issues a cloud-based certificate during device manufacturing to ensure authenticity, as well as certificate lifecycle management, keeping the device secure even during use, while Infineon’s OPTIGA TPM provides private key storage.
“Including a TPM chip in an IoT device design is the first step in enabling strong authentication and secure communication for IoT devices,” said Alan Grau, Sectigo vice president of IoT/Embedded Solutions. “Together, Sectigo and Infineon are enabling device manufactures to leverage strong authentication and secure communication for IoT devices during the manufacturing of the device itself. This integration not only automates the process of provisioning certificates for IoT devices, but it also delivers a complete PKI [Public Key Infrastructure] solution leveraging Sectigo's highly secure cloud infrastructure.”
By providing a means for IoT device manufacturers to issue certificates while still in factory production, Sectigo and Infineon are aiming to raise the bar of the level of security expected for various IIoT technologies in business, healthcare and public infrastructure, as well as IoT devices commonly used by individuals. The automated security features are also in line with updates in legislation such as California’s IoT Security Law. Passed in 2018, the law requires manufacturers of connected devices to equip each product with a unique preprogrammed password or security feature to allow users to restart the authentication process before the first use of the device.
The Sectigo-Infineon approach combines strong authentication through the automated identify certificates coupled with the TPM security chip that keeps keys safe from cyberattacks. The rationale is that by installing the security measures during manufacturing, the device is protected against counterfeiting during subsequent stages in the supply chain, bolstering the level of trust between the consumer and producer.
“Infineon’s audited and certified TPMs enable manufacturers of connected devices to achieve higher levels of security,” said Lars Wemme, Infineon Technologies head of IoT security. “Together with our partner Sectigo, we are now also able to offer automated factory provisioning. This gives our customers a proven path combining ease of integration with the benefits of higher security performance.”