Microsoft announced on Tuesday support for X.509 certificates in Azure IoT Hub to strengthen device-level authentication. X.509 certificates are widely regarded as the standard for authenticated information exchange between two parties – for example, a connected device and a cloud platform – with cryptographic safeguards that let businesses detect potential exposure of information in transit.
With Azure IoT support for X.509 certificates, an IoT device can now store a private key locally and present an associated X.509 device certificate that identifies the device to Azure IoT Hub before any information is transmitted. The benefit to customers in industries such as manufacturing, healthcare and smart cities is that device identity can be conveyed safely and securely from the edge to the cloud while maintaining integrity.
Clients can use any X.509 certificate to authenticate a device with IoT Hub. One option is an existing X.509 certificate that is already associated with the device; the device simply uses that certificate to authenticate with IoT Hub. Another is a self-generated, self-signed X.509 certificate: a device manufacturer or in-house deployer generates the certificate and stores the corresponding private key (and certificate) on the device, using tools such as OpenSSL or the Windows self-signed certificate utility.
Alternatively, a CA-signed X.509 certificate can be used to identify and authenticate a device with IoT Hub. A device may use either an X.509 certificate or a security token for authentication, but not both.
Microsoft developed its IoT security based on enterprise expertise, recommending that businesses adopt a defense-in-depth strategy that layers multiple security features to mitigate the risk of any one security technology being compromised.
Like IoT itself, which relies on a broad ecosystem of technology providers, partners and companies to bring solutions to life, Microsoft believes that securing an IoT infrastructure end-to-end requires the collective efforts of device manufacturers, operators, integrators, solution developers and the individuals or businesses deploying IoT.
Microsoft is working with customers to enable security best practices, including tools to ensure devices, assets and data are secure. The company believes in proactively sharing its security approach and has published a number of whitepapers that describe its security architecture and features in detail.
The whitepapers take several views: security from the ground up – a high-level look at what Azure provides in terms of architecture and features for security, with an introduction to the Azure IoT features for securing IoT infrastructure; security best practices – a collection of best practices for securing an IoT infrastructure; and security architecture – a look at an IoT architecture built entirely around threat modeling. That last document introduces threat modeling and walks through an actual threat model for the Azure IoT reference architecture.
Microsoft also published an easy-to-read primer on Azure IoT Hub security features called ‘Securing your IoT deployment’. The distributed nature of the Internet of Things, which can span individual homes, corporate buildings and even geographies, combined with the sheer scale at which many IoT devices are deployed, makes security one of the key considerations when adopting, designing and deploying IoT.