For IoT networks to function smoothly and securely, communicating devices must identify themselves. For the security of the application system, it is essential that end devices can be identified in a forgery-proof manner. For this purpose, state-of-the-art machines are equipped with a cryptographically secured hardware component, such as a crypto chip, to hold and assign unique IDs.
In addition, IDs are validated via centralized systems, for example to enforce zero trust rights models on them. In a hyper-connected world of intelligent devices that communicate dynamically, such identification architectures, with their cost-intensive hardware components and central zero trust instances, are difficult to operate reliably and securely. What we need,
The Internet of Things is similar to real life: to feel safe, we must trust our communication partners and their information. “Trust” here is as complex as it is in exchanges between people. To check the honesty of another person, we first ask ourselves who our interlocutor is. We check their “ID” and make sure that we are dealing with who the other person claims to be. In case of doubt, we obtain certainty about the person’s identity by means of an ID document or a reference.
In the next step, we consider whether the information is correct and credible. If we find “references” or determine that the person has a good reputation, it helps us answer the first two questions. Finally, we remember what experiences we have had with this person and with the information they have disseminated in the past. If all of these questions can be answered positively, we decide that we can trust this person.
The Zero Trust Model Has Limits
But how does trust-building work in IT? The current standard here is the zero trust model: an IT system does not trust any communication partner as long as their identity (ID) has not been established. Only once the ID has been established via secure authentication is the level of trust determined by a defined process. The security model is based on mistrust, the opposite of trust. In addition, this model is static: trust is established at the beginning, when the communication is set up, and remains fixed for the duration of the application.
Such a zero trust model can only be implemented and maintained in controlled environments. This is understood to mean domains in which access to and joining the network can be clearly defined in an authentication process. The circle of communication participants also has a closed character with a central instance which, as the “doorman,” controls access to the “club.”
The identities of the communication partners are always determined using a defined authentication service, and only then are the stored security levels released. If the authentication fails, the device or the participant cannot access the IT network. Examples of this are communication networks in a company with employees and a defined number of servers and end devices.
Such systems are vulnerable and problematic because of their centralized structure. If the “doorman” is compromised in the course of a cyber attack, attackers gain a powerful tool to integrate their own devices and software into the network. Since the “doorman” has confirmed their trustworthiness, all participants in the system follow his assessment and grant the intruder complete trust.
A supply chain attack of this kind succeeded in practice in the SolarWinds Orion case. Using the manipulated Orion service, attackers could smuggle malicious software into the networks of companies, authorities, and government organizations.
Hyperconnectivity Needs New Solutions
In a static IoT world where everything can be controlled, such a centralized zero trust model already poses a significant challenge. But how does it look in a hyperconnected world, a world in which 125 billion smart devices communicate with one another very dynamically? For example, smart cars have to communicate with each other or with traffic control systems directly and immediately (peer-2-peer). Or participants meet only in a particular situation and then never again – for example, in the future Smart City, when an intelligent scooter, an autonomous tram, and a car meet at an intersection.
Such a world is shaped by many – initially unknown – communication participants. The decisions as to whether the systems trust each other must be made quickly and under time-critical conditions. Central zero trust instances that grant trust from one place often make no sense in this case. Such a system – even with nationwide 5G mobile communications – would be too slow to make decisions in road traffic. In addition, it would be prone to disruptions because of its centralized structure. If the central decision-making body were disrupted, all traffic would be endangered and would have to switch to “emergency operation.”
Secure Identification Without Central Authorities
So for a hyperconnected world, we need new “post-zero trust concepts.” These concepts have to start at two central points: they should provide a system for unambiguous and secure identification without central instances, and they should ensure that IDs cannot be falsified over the life cycle of the application or of the participant.
Current research and development offer new approaches for “post-zero trust concepts.”
SSI – self-sovereign ID systems – use decentralized structures to ensure the provision of IDs at the “edge,” on the IoT device. These “self-determined identities” have unique, randomly generated, disposable identities (DIDs), anchored in the blockchain and provided with a timestamp, so-called “one-way identities,” with which data can be cryptographically signed and exchanged via secure channels. Such self-sovereign ID systems can also communicate via peer-2-peer protocols and provide future-proof “Post Quantum” encryption of communication.
DIDs are temporary identities based on specific properties that use blockchain-based smart contracts to provide rules defining how a connection between a recipient and a supplier is established. For example, they enable cryptographically signed applications to tie the use and exchange of IDs to time-limited processes. After the intended use or application has been completed, the rule set in the smart contract determines the expiry of the ID. This means it can no longer be used for other processes and applications, which puts a cryptographic stop to identity theft. The advantages of such disposable identities are that they guarantee anonymity, can be used for one specific purpose, and can then be discarded.
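The following is an added illustration of the one-way identity lifecycle just described, not code from asvin or any SSI project: an ephemeral Ed25519 key pair is bound to a single purpose and an expiry, the device signs data with it, and a peer rejects anything outside that purpose or validity window. The blockchain anchoring and smart-contract rule engine are assumed and reduced to the `Anchor` record; all names and the `purpose|timestamp|payload` binding format are my own choices.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Anchor is the public record of a disposable identity as a peer would read it from the
// ledger; Purpose and Expires stand in for the smart-contract rule set (chain not modelled).
type Anchor struct {
	Pub     ed25519.PublicKey // the public key doubles as the identifier
	Purpose string
	Expires time.Time
}

// NewDisposableID creates an ephemeral key pair bound to one purpose and one lifetime;
// only the Anchor is published, the private key stays on the device.
func NewDisposableID(purpose string, ttl time.Duration, now time.Time) (Anchor, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Anchor{}, nil, err
	}
	return Anchor{Pub: pub, Purpose: purpose, Expires: now.Add(ttl)}, priv, nil
}

// message binds payload, purpose and timestamp so a signature cannot be replayed elsewhere.
func message(purpose string, at time.Time, payload []byte) []byte {
	return []byte(fmt.Sprintf("%s|%d|%s", purpose, at.Unix(), payload))
}

// Sign is the device side.
func Sign(priv ed25519.PrivateKey, a Anchor, payload []byte, at time.Time) []byte {
	return ed25519.Sign(priv, message(a.Purpose, at, payload))
}

// Verify is the peer side: purpose, validity window, then signature; any failure rejects.
func Verify(a Anchor, purpose string, payload []byte, at time.Time, sig []byte) error {
	if purpose != a.Purpose {
		return fmt.Errorf("identity not issued for purpose %q", purpose)
	}
	if at.After(a.Expires) {
		return fmt.Errorf("identity expired at %s", a.Expires.UTC().Format(time.RFC3339))
	}
	if !ed25519.Verify(a.Pub, message(purpose, at, payload), sig) {
		return fmt.Errorf("invalid signature")
	}
	return nil
}
```

Once the identity has expired, a peer holding the anchor can no longer accept anything signed with it, even if the private key later leaks.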
ID Certificates Based On Unique Characteristics
For natural persons, the ID is linked to unchangeable biometric characteristics for verification: initially, these were gender, eye color, height, and physiognomy; more recently, digitally stored fingerprints and Face IDs based on facial recognition have also been used.
But which verification options can be linked to the ID of a smart “thing” such as a networked car? Simple options are, for example, a unique, one-time cryptographic key or a certificate that is permanently built into the hardware of the device. A unique physical feature of the device can also be used for identification – this is referred to as a Physical Unclonable Function (PUF). Individual keys and certificates can also be generated on an IoT device using a PUF. These PUF-derived features can, in turn, serve as a basis for the secure identification of communication participants and can be used in system-level approaches such as SSI / disposable identities.
Chains Of Trust Through Digital Fingerprints
In secure cryptography for embedded systems, limited processor performance and system memory play a significant role. For a PUF, special microcontrollers or hardware-specific memories usually have to be installed, resulting in a higher production price for the hardware. Cybersecurity using a PUF must therefore be factored into the manufacturing cost of the embedded system.
The Federal Ministry of Education and Research has launched the StartUpSecure initiative to put good ideas from research teams at German universities or in industry into practice more quickly. A research team from asvin GmbH was provided with funding from this initiative. In the asvinI project, the team is currently working on methods for implementing PUF systems that allow device fingerprinting based on the individual structural properties of the device. This can be, for example, a particular error pattern in radio transmissions caused by the physical design of the antenna.
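An added example of the verification step behind such a fingerprint, written for this page and not taken from the asvinI project: a PUF-style fingerprint is never bit-exact between readings, so a reference is enrolled by majority vote over several readings and a fresh reading is accepted only within a Hamming-distance threshold. The bit strings are constructed stand-ins for a per-channel error pattern; the real feature extraction from radio transmissions is assumed to happen upstream.

```go
package main

import "fmt"

// Enroll derives a reference fingerprint from several noisy readings of one device by
// bitwise majority vote; a tie (even number of readings) resolves to '0'.
func Enroll(readings []string) (string, error) {
	if len(readings) == 0 {
		return "", fmt.Errorf("no readings")
	}
	n := len(readings[0])
	ref := make([]byte, n)
	for i := 0; i < n; i++ {
		ones := 0
		for _, r := range readings {
			if len(r) != n {
				return "", fmt.Errorf("readings differ in length")
			}
			if r[i] == '1' {
				ones++
			}
		}
		ref[i] = '0'
		if 2*ones > len(readings) {
			ref[i] = '1'
		}
	}
	return string(ref), nil
}

// Hamming counts the positions in which two fingerprints differ; -1 if lengths differ.
func Hamming(a, b string) int {
	if len(a) != len(b) {
		return -1
	}
	d := 0
	for i := range a {
		if a[i] != b[i] {
			d++
		}
	}
	return d
}

// Match accepts a fresh reading within maxDist bits of the reference. maxDist must lie above
// the device's own read-to-read noise and well below the distance to any other device.
func Match(ref, reading string, maxDist int) bool {
	d := Hamming(ref, reading)
	return d >= 0 && d <= maxDist
}
```

In practice the threshold is chosen from measured intra-device and inter-device distance distributions; a threshold set without that data either locks out genuine devices or lets look-alike hardware pass.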
Asvin set up a pilot application together with tsenso as part of the European Blockchers project. The start-up tsenso has developed a fresh index which – to put it in very simplified terms – uses temperature sensors to determine the freshness of perishable food from the manufacturer to the end customer’s refrigerator. The system uses the transmitted data to calculate a dynamic best-before date, which can be read out via an app. If this data were manipulated, consumers could suffer health problems from consuming spoiled food.
First, based on digital fingerprints from the temperature sensors, secure device management, device monitoring, and secure over-the-air updates of the sensors were implemented in a 5G network. The system uses smart contracts within a private Ethereum blockchain from the Alastria Foundation. As part of the Blockchers project with tsenso, this system was expanded and tested to secure the data supply chain. Data is then linked with a traceable “certificate of trust” from the data source (the sensor) to processing in the cloud and immutably secured via a blockchain system.
In another current research project with the Karlsruhe Institute of Technology (KIT), this system is being expanded and tested for obtaining training data for machine learning. The aim is to secure the training of the machine learning algorithms at tsenso for food monitoring as well as possible, to prevent an attack on the AI through manipulation of the training data. The results of the joint research project with KIT are expected at the end of 2021.
The solution is intended to close the gap between conventional offerings and high-end processes and to help enable chains of trust in complex, distributed IoT architectures at moderate cost.