Scalable authentication and encryption solutions company DigiCert unveiled on Monday DigiCert Auto-Provisioning, powered by Device Authority, this past weekend at the DigiCert Security Summit. With Auto-Provisioning, connected device manufacturers and owners can provision digital certificates at scale, whether their devices use open standards such as SCEP or EST, or only support propriety device enrollment protocols.
DigiCert Auto-Provisioning expands the range and type of IoT devices that can be secured, enabling certificate deployment and management at scale through secure certificate generation and delivery; automated certificate renewal; automated certificate revocation; and encrypted certificate store.
As the number of connected devices rises toward an estimated 50 billion by 2020, security continues to lag behind. A study published by HP Fortify estimated that three-quarters of connected devices failed to encrypt communications to the Internet and local network. Last year, researchers found that Nissan Leaf smartphone app APIs were not authenticating users on the server.
Similarly in 2015, researchers highlighted a flaw in Samsung’s smart fridge that attackers could use to carry out a man-in-the-middle attack and access a homeowner’s credentials.
In healthcare, the FDA has recently issued “Postmarket Management of Cyber Security in Medical Devices,” even as security vulnerabilities have been discovered in popular pacemakers, defibrillators and diabetes insulin pumps.
The report calls for “deploying mitigations that address cyber risk early.” Public key infrastructure (PKI) can be used for secure boot, patch management, machine-to-machine mutual authentication, user authentication, and data integrity to help prevent unauthorized intrusions and data manipulation.
IoT devices often lack the compute power required for strong encryption and do not have the ability to securely generate and store keys required for strong device security. Similarly, when credentials need to be revoked or rotated because of device authorization changes, the process is typically manual, time-consuming and vulnerable to human error.
DigiCert Auto-Provisioning combines scalable certificate issuance with automated provisioning to simplify large-volume device enrollment and credentialing. It also provides secure key generation and storage to prevent the use of stolen credentials and unauthorized devices.
DigiCert IoT solutions deliver the critical authentication of users, systems, and devices without the need for tokens, password policies, or other user-initiated factors ensuring connections with trusted users and devices.
DigiCert SSL encryption inherently delivers essential elements of privacy. SSL certificates can be used to encrypt data in motion and secure information being communicated between systems and devices.
It also delivers signing services which maintain that software, firmware, drivers, data, or configuration settings have not been altered or tampered with, ensuring greater control over intellectual property.
“Device authentication and encryption are critical to securing connected devices and the information they share, but many software implementations lack standard protocols for provisioning devices,” said DigiCert CTO Dan Timpson. “DigiCert Auto-Provisioning, powered by Device Authority, helps companies get certificates on a much wider range of IoT devices in a scalable, secure and automated way.”
“Companies now have the ability to assert owner-controlled PKI on a much wider spectrum of connected devices to strengthen security controls,” Timpson added. “Using this solution, companies can take a major step forward in securing their IoT investments, becoming less dependent on manufacturer security.”