The complex and dynamic nature of Internet-of-Things (IoT) systems requires cryptographic key management services to ensure IoT units operate at high speed and are reliable and scalable. EIT Digital has begun work to meet these needs by developing new advanced IoT key security services which would facilitate the roll-out and maintenance of secure IoT systems from the outset. By focusing on the secure management of cryptographic keys the team behind the innovation hopes to avoid the need for security patches or add-ons.
A cryptosystem is a suite of cryptographic algorithms used to implement a particular security service, most commonly for achieving data confidentiality, integrity and authenticity. A key-based cryptographic system typically achieves these goals by using symmetric keys shared between two parties, or asymmetric key pairs - a public key known to everyone and a private or secret key known only to the security system manager.
The work to develop the new advanced IoT key security services will be run out of EIT Digital's "Advanced Connectivity Platform for Vertical Segments" (ACTIVE) High Impact Initiative*, which focuses on developing an advanced connectivity Internet-of-Things platform adoptable in various vertical segments. It will deliver, among other things, services for secure management, interaction and communication on IoT platforms.
Task Leader Marco Tiloca, Senior Researcher at the Swedish Research Institute RISE SICS, explained:
"The secure management of cryptographic keys is a vital requirement for fulfilling the security needs of IoT systems. To meet this, we have designed and developed a first set of fundamental security services to enable secure initialisation of IoT units, and enable the efficient and scalable distribution of cryptographic keys.
"We have also designed a number of fundamental functionalities related to the management of cryptographic keys as one of the first outputs from the development work. They include approaches for secure bootstrapping** and registration of newly deployed IoT units, as well as the secure generation and distribution of cryptographic keys between individual IoT units and between clusters of devices connected to the IoT infrastructure."
The modular and extendible security architecture developed as part of the ACTIVE work is based on the standard Lightweight Machine-to-Machine protocol (LWM2M), used for defining communication protocols between servers and IoT units. The first functional version of the architecture was presented at the EIT Digital demo at the "Internet Dagarna" event in Stockholm in November 2016.
*The Advanced Connectivity Platform for Vertical Segments High Impact Initiative is part of EIT Digital's Digital Infrastructure Action Line, which focuses on enabling digital transformation by providing secure, robust, responsive and intelligent communications and computation facilities for various markets.
The following EIT Digital partners contribute to the work of the Advanced Connectivity Platform for Vertical Segments: Ericsson (Sweden and Finland), Engineering Ingegneria Informatica (Italy), RISE SICS (Sweden), and Tampere University of Technology (Finland). Of these, Ericsson and RISE SICS have participated in the development of the new advanced IoT key security services.
EIT Digital Innovation Activities deliver new products or services, create startups and spinoffs to commercialise outputs from projects, and encourage the transfer of technologies for market entry.
**Bootstrapping refers to the process of loading the basic software, especially the operating system, into the memory of a device after power-on or general reset, which will then take care of loading other software as needed.