Devices able to connect to the Internet through diverse network technologies, known as IoT devices, are becoming increasingly affordable by mass production, thus IoT devices have become more popular. As a result, the mass usage of IoT devices provide the economies of scale, thus managing massive IoT devices also demands a new approach with this characteristic.
Traditional device management relies mainly on the manual process by device users and providers. However, as the number of devices increases, manual management cannot tailor to the scale easily and provide uniform quality. Failure to proper device management increases the risk to the devices: from a security perspective, the data tampering or destruction, device hijacking or abuse for access other hosts. Such risks also lead to undermine the trustworthiness of IoT platforms, which are information infrastructures connecting massive IoT devices and collecting and analyzing data.
Therefore, we believe that it is essential for utilization of IoT technology to develop the device management technology that leads to efficiency without manual process and trustworthiness of the entire system.
The device lifecycle is the period from manufacturing, through operation, to the final disposal. It is important to confirm events along these device lifecycles and the functions required for these events to achieve the device management with efficiency and reliability. Device maintenance and reuse might be also included in the events. In addition, device ownership may change throughout its lifecycle. For example, when a manufacturer sells a device to a user, the user then has the ownership after that.
Prior to joining a service, onboarding processes such as pre-acceptance verification and provisioning of the device would be performed to enable and configure the network and the service application securely. Once the device is operational, mechanisms to update the software securely and detect tampering are required. On changing ownership or disposing, mechanisms for securely deleting the information stored in device are also required.
It is impractical to achieve this process manually on managing a large number of devices. Therefore, technologies for efficient management of many devices are attracting attention. For example, a technology called attestation is effective to detect tampering. In addition, remote execution and automation are also essential in terms of efficiency, thus authentication on the device is also required on implementing them.
An overview of these functions and requirements reveals that the device is required to equip secure cryptographic functions (the Root of Trust) as underlying technology, and the IoT platform is required to manage the cryptographic keys used in both the management process and the devices.
Root of Trust, attestations, secure remote software updates and cryptography-based authentication mechanisms can ensure its data quality throughout the device lifecycle and sustain the value of IoT. As a result, trust in IoT devices and the entire IoT platform can be established. In addition, by adopting remote execution and automation technologies, the operation and maintenance costs can be kept low and both efficiency and trustworthiness can be achieved.
Since there would be less issues related with device and data quality in trusted IoT platforms, collaboration with data and devices of other companies might be achieved at a lower cost. Furthermore, standardizing device management technologies would further reduce the cost of implementing and validating technologies and the difficulty of interoperability.
SECOM IS Laboratory is working on various approaches to establish an efficient and trusted IoT platform described above, including joint research with other companies and organizations as well as survey and proposal activities in international standardization associations.
IoT Security considered with its lifecycle has many essential elements for IoT platform. Although its implementation is not easy, we believe that IoT platform which sustains its efficiency and secure state for long period is essential technologies to come into IoT's own.