For secure IoT services, you need to consider multiple security factors from the development stage. For example, you need to select chips and devices with security features and develop security stacks and integrate libraries from different sources for each embedded system. In addition, you need to consider how to build an infrastructure for key injection and certificate management at the manufacturing stage, how to update security and firmware of the fleet of devices in the field at the operation stage, and how to revoke keys and certificates and delete sensitive information from the device at the end of life stage.
Solving this complexity of IoT security with conventional manual methods requires security experts and huge amount of resources. UNiD aims to solve this complexity with technology.
"Fully Automated Provisioning" is one of the features of UNiD, which can fully automate device provisioning that used to be done manually. By leveraging decentralized identity and hardware root-of-trust technologies, devices can autonomously generate key pairs in the h/w secure zone. By registering its public key for digital signing with the decentralized PKI network, the device is able to communicate with the cloud in an E2E encrypted manner. Finally, the device completes device provisioning by registering its own instance with the device management system.
UNiD automated provisioning process eliminates the need for key injection and PKI. In general, key injection cost is $0.5 ~ $2.0 USD per device. This includes the operational cost of performing the key injection as well as the cost of a secure execution environment and employee background checks. If one were to manufacture 1M devices, the operational cost of key injection alone would be $2M USD. With UNiD, this cost can be reduced by eliminating the need for the key injection process.
Furthermore, with the traditional approach, you have no choice but to trust an intermediary such as a provisioner or an intermediate CA. With UNiD, you can eliminate this intermediary completely, thus reducing the risk of vulnerability.
By embedding UNiD EDGE SDK in your devices, you can abstract the all complexity of the security stack from the edge to the cloud and bring their products to market quickly without the need for specialized personnel or budget.
Just as most web services now use encrypted communication, it will become commonplace for IoT devices to use encrypted communication between devices and the cloud. We hope to make this new security stack widely available to all developers by developing it as open source.
If you'd like to be a part of the UNiD community, visit our GitHub. Click Star🌟 if you like.