Machine Identity Security in Industrial IoT Devices

Bridget Hildebrand – Sr. Product Marketing Manager, Ecosystem – Venafi |

Below we present a blog by Bridget Hildebrand of our partner Venafi, based on her exchange with Intrinsic ID CTO Geert-Jan Schrijen about Machine Identity Security. It is reprinted with permission and originally appeared on Venafi.com.

In the age of the machine, Industrial IoT networks are widely distributed over different organizations and geographies. If the machine identities for an organization’s IoT devices expire or are otherwise compromised, they can trigger network disruptions with far-reaching effects. Reducing the risk of such effects demands a sophisticated and comprehensive approach to protecting machine identities for enterprise IoT devices. This solution needs to be IoT aware, providing the visibility, intelligence and automation required to deal with all the risks that IoT devices present. As digital transformation matures, protecting machine identities becomes an issue of trust and protecting IP.

Thankfully Intrinsic ID, the experts in hardware-based root-of-trust security, has joined the Machine Identity Protection Development Fund! In this continuing interview series about expanding the infrastructure for protecting machine identities, I am speaking with Geert-Jan Schrijen, Intrinsic ID’s CTO and co-founder.

Bridget: Who is Intrinsic ID?

Geert-Jan: Intrinsic ID is the world’s leading digital authentication company, providing the Internet of Things with hardware-based root-of-trust security via unclonable identities for any IoT-connected device. Based on our patented SRAM PUF technology, our security solutions can be implemented in hardware or software. Intrinsic ID security can be deployed at any stage of a product’s life cycle, and it is used to validate payment systems, secure connectivity, authenticate sensors, and protect sensitive government and military systems. Intrinsic ID technology has been deployed in more than 150 million devices. Our security has been proven in millions of devices certified by Common Criteria, EMVCo, Visa and multiple governments. Our mission is “Authenticate Everything.”

Bridget: What struggles do you see enterprises facing in the IoT world?

Geert-Jan: Enterprises deploying industrial and high-risk IoT must solve three critical problems: first, how to set up a trust anchor in every device; second, how to use this trust anchor to establish a verifiable device identity; and third, how to validate the device authenticity throughout its life cycle. Today, there is no standard interface to acquire IoT machine identities with MQTT and other protocols. Most often, manufacturer or IoT platform defaults are used for machine identities. This creates new risks for deployment, and in the future when machine identities can’t be updated. And even if machine identities can be created or updated, device authenticity remains elusive. Assurance that a key pair is generated on a trusted device for the machine identity requested has, to date, not been possible for IoT devices.

Bridget: What will Intrinsic ID do to address this authentication issue?

Geert-Jan: We are connecting the Venafi Platform with the Citadel provisioning tool. Our Citadel Infrastructure Tools are a suite of software products which accelerate deployment of unclonable device identities based on SRAM PUF technology. The Citadel provisioning tool provides a basis for securing the lifecycle of IoT applications with wide-scale deployment. It can be used by semiconductor vendors and OEMs to provision devices that deploy Intrinsic ID’s BroadKey or QuiddiKey products for secure key storage and management.

Bridget: How will this integration benefit Venafi customers?

Geert-Jan: By integrating the Venafi Platform with the Citadel provisioning tool, Intrinsic ID will enable Venafi customers to ensure device authenticity on embedded platforms typically used in the IoT. This will also allow organizations to standardize on the use of the Venafi Platform for managing machine identities, not just for IoT. We are excited to be able to demonstrate the Venafi Platform providing digital identity certificates to embedded devices secured with Intrinsic ID’s BroadKey solution.

Intrinsic ID’s integration is targeted to be complete in May 2020. Visit Intrinsic ID on the Venafi Marketplace for more information. And stay tuned for future interviews with Machine Identity Protection Development Fund recipients.