TRUST STACK START: BUILDING UPON EXISTING TECHNOLOGY
The Security Ecosystem is built on a foundation of existing, trusted security technologies. These are well established, and each is increasingly used in IoT security. Each is valuable in its own right, which is why they are incorporated in this Trust Stack; TrustCentral leverages them as a group to support its own innovative and proprietary technology.
A FOUNDATION OF PKI
The key foundation of the Trust Stack is Public Key Infrastructure (PKI), the same technology that underpins TLS and hence most security on the Internet itself. The Platform will incorporate a complete X.509 PKI and Privilege Management Infrastructure (PMI): the PKI issues identity certificates that bind a public key to an endpoint, while the PMI issues attribute certificates that bind privileges or roles to an already-certified identity. Importantly, it will also include TrustCentral’s proprietary Attribute Authority (AA). The Attribute Authority allows the Security Ecosystem Platform to use the PKI and PMI in innovative ways. For example, the AA acts as the trusted third party that facilitates and authenticates the secure exchange of public keys between endpoints. The AA also acts as the trusted third party during the Inviter-Invitee Protocol that is used to authenticate and establish persistent, secure relationships between endpoints (see below).
DEVICE ROOT OF TRUST
IoT security begins at the device level with a unique, non-volatile identity or private key that is securely stored or securely derivable, providing a root of trust. For an IoT device, such a root of trust can be achieved at the chip level through one or more existing technologies. In one example, a digital “fingerprint” is derived from a small portion of a device’s silicon using PUF (Physically Unclonable Function) technology; because the key is regenerated from the silicon each time it is needed rather than stored, there is no key at rest for an attacker to extract. The PUF becomes a digital “anchor” providing vital, security-supporting capabilities. (For human-controlled devices such as computers, tablets and mobile devices, other technologies, such as a TPM or a secure element, can provide a comparable root of trust.)
DEVICE IDENTITY CERTIFICATION
The system provides for the authentication of a cryptographically secure, non-repudiable identity tied directly to each IoT endpoint. For example, an identity may be that of a particular vehicle ECU (Electronic Control Unit), sensor, etc. Validation of that identity is confirmed by the issuance of a PKI certificate, which binds the device’s public key to its identity; the corresponding private key never leaves the device’s root of trust, so the device can later prove its identity by signing a challenge.
SECURITY BEST PRACTICES
The Security Ecosystem implementation includes the adoption of industry best practices. One of the most important is secure, signed firmware updating and management. Every IoT device within a vehicle (and any device in external infrastructure that a vehicle might interface with) should accept only firmware that carries a valid signature from an authorized signer, verified on the device before the image is installed. Several standards support the certificate side of this: SCEP and EST enroll devices and signers for certificates, and OCSP checks whether a signer’s certificate has been revoked. Note that these manage certificates; they do not define the firmware signature format itself. Firmware updates may target different firmware types (e.g., boot images, higher-level embedded code, underlying software components) and may be delivered in chunks to limit device power consumption, in which case each chunk should be checked against a signed manifest before it is written. Delivery may be Over the Air (OTA) or through another secure capability, but in every case the device installs only authenticated, signed firmware.
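As an added example (not code from TrustCentral or from this page), the following Go program shows the device-side checks the paragraph above calls for. The vendor signs a manifest listing the hash of every chunk of an image; the device verifies that signature before trusting any chunk hash, then verifies each chunk against the manifest as it arrives, so a chunk corrupted or substituted in transit, or a manifest altered after signing, is refused. The manifest layout, the `chunkSize` constant, the `BuildManifest` and `Updater` names and the “BOOTIMG” sample image are all constructed for this example; a real deployment would use a standard signed-manifest format and would also carry a version for anti-rollback checks.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const chunkSize = 64 // deliberately tiny so the sample image splits into several chunks

// Manifest describes one image: target component, version and the hash of every chunk.
// The vendor signs it once; a device trusts a chunk hash only after that signature verifies.
type Manifest struct {
	Component string // e.g. "boot", "app", "libcrypto"
	Version   uint32
	ChunkHash [][32]byte
	Signature []byte // ASN.1 ECDSA over SHA-256 of signedBytes()
}

// signedBytes is a deterministic textual encoding of the signed fields (a real format would use CBOR or ASN.1).
func (m *Manifest) signedBytes() []byte {
	return []byte(fmt.Sprintf("%s\x00%d\x00%v", m.Component, m.Version, m.ChunkHash))
}

// BuildManifest is the vendor side: split the image, hash each chunk, sign the manifest once.
// It returns the manifest and the chunks as they would be shipped over the air.
func BuildManifest(component string, version uint32, image []byte, vendor *ecdsa.PrivateKey) (*Manifest, [][]byte, error) {
	m := &Manifest{Component: component, Version: version}
	var chunks [][]byte
	for off := 0; off < len(image); off += chunkSize {
		end := off + chunkSize
		if end > len(image) {
			end = len(image)
		}
		chunks = append(chunks, image[off:end])
		m.ChunkHash = append(m.ChunkHash, sha256.Sum256(image[off:end]))
	}
	digest := sha256.Sum256(m.signedBytes())
	sig, err := ecdsa.SignASN1(rand.Reader, vendor, digest[:])
	m.Signature = sig
	return m, chunks, err
}

// Updater is the device side: the vendor public key it was provisioned with and the update in progress.
type Updater struct {
	VendorPub *ecdsa.PublicKey
	manifest  *Manifest
	Verified  []bool // Verified[i] is true once chunk i has been admitted; the update is complete when all are
}

// Begin verifies the manifest signature; until it passes, no chunk hash is trusted.
func (u *Updater) Begin(m *Manifest) error {
	digest := sha256.Sum256(m.signedBytes())
	if !ecdsa.VerifyASN1(u.VendorPub, digest[:], m.Signature) {
		return fmt.Errorf("manifest signature invalid: update refused")
	}
	u.manifest, u.Verified = m, make([]bool, len(m.ChunkHash))
	return nil
}

// Accept admits chunk i (chunks may arrive in any order) only if it hashes to the signed manifest entry;
// the caller writes admitted chunks to flash, so nothing unverified is ever written.
func (u *Updater) Accept(i int, chunk []byte) error {
	if u.manifest == nil || i < 0 || i >= len(u.manifest.ChunkHash) {
		return fmt.Errorf("chunk %d: no verified manifest or index out of range", i)
	}
	if sha256.Sum256(chunk) != u.manifest.ChunkHash[i] {
		return fmt.Errorf("chunk %d hash mismatch", i)
	}
	u.Verified[i] = true
	return nil
}

// RunSample ships a constructed 200-byte image (chunks of 64, 64, 64 and 8 bytes) signed with a
// constructed vendor key. An attacker-edited manifest is offered first, then one corrupted chunk, then
// the genuine chunks; the device's verdicts on the first two are returned with its final chunk state.
func RunSample() (forged, tamper error, verified []bool, err error) {
	vendor, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	m, chunks, err := BuildManifest("boot", 2, bytes.Repeat([]byte("BOOTIMG "), 25), vendor)
	if err != nil {
		return
	}
	dev := &Updater{VendorPub: &vendor.PublicKey}
	edited := *m // the attacker bumps the version on a genuine manifest: the signature no longer matches
	edited.Version = 9
	forged = dev.Begin(&edited)
	if err = dev.Begin(m); err != nil {
		return
	}
	bad := append([]byte(nil), chunks[1]...)
	bad[0] ^= 0x01 // one bit flipped in transit
	tamper = dev.Accept(1, bad)
	for i, c := range chunks {
		if err = dev.Accept(i, c); err != nil {
			return
		}
	}
	return forged, tamper, dev.Verified, nil
}

func main() {
	forged, tamper, verified, err := RunSample()
	fmt.Printf("forged manifest: %v\ntampered chunk: %v\nverified chunks: %v\nerror: %v\n", forged, tamper, verified, err)
}
```

`RunSample` returns the device’s verdicts rather than printing them so the same code can be driven from a test; the design point is that the signature is checked exactly once, over the manifest, and every chunk is then bound to that signature by its hash, so chunked or out-of-order delivery costs nothing in assurance.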
TRUST STACK INNOVATIONS: PROPRIETARY TECHNOLOGY
SECURE COMMUNICATION LINES
Securing communication from an IoT device has historically been achieved from a central point to each endpoint device (a one-to-many relationship). TrustCentral could also do this; however, compared to a typical centrally managed PKI, the Security Ecosystem’s technology adds a further capability: endpoints can authenticate each other through TrustCentral’s patented Inviter-Invitee Protocol. Upon successful completion of the Inviter-Invitee Protocol, a secure, persistent, authenticated communication line is established between the two endpoints. This creates multiple one-to-one relationships (on an as-needed basis) that can grow to an effectively unlimited number of authenticated pairs.
Communication Lines are characterized by endpoints with context-specific identities that are typically governed by an end-to-end digital agreement. They are auditable, brokered, trusted relationships, where each relationship or digital agreement can stand alone, for privacy purposes, or can leverage the build-up of identity confidence levels across relationships. The Security Ecosystem’s Attribute Authority (AA) acts as a Trusted Third Party mediating service provider for users and devices running the Inviter-Invitee Protocol, authenticating each communication line by: (a) establishing and authenticating the unique identities of IoT devices (or computing devices); (b) uniquely associating cryptographic keys with those identities and with the identities of their invitees; (c) providing a trusted exchange of authenticated public keys between the endpoints; and (d) uniquely associating a PKI certificate with each communication line.
A Communication Line describes the authenticated relationship established between a pair of endpoints. It is not a communication protocol; it is used independently of, and alongside, existing network and IoT communication protocols without conflict.
Building on the Secure Communication Line innovation, Digital Obedience of IoT devices can be achieved, whereby IoT devices talk only to previously authenticated devices and to no others. A non-authenticated and potentially malicious endpoint (whether IoT or not) holds no ecosystem certificate and has no communication line, so a Digitally Obedient endpoint will not communicate with it. Devices thus become effectively undiscoverable by random scanning (e.g., SHODAN): a scanner may still observe an open port, but it obtains no usable response without a certificate and an established line. Hacking and spoofing become more difficult: no communication line, no certificate, no access.
This anti-spoofing architecture rests on a certificate-based model built around authenticated communication lines. The result could be considered “whitelisting on steroids”: the allow list is not a set of addresses, which can be spoofed, but a set of cryptographically verified identities.
A key product of Digital Obedience is enhanced device trust: adversarial intrusion becomes harder because an attacker must first obtain both a valid ecosystem certificate and an established communication line.
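As an added example that is not part of the original page or of TrustCentral’s code, the Go program below ties together the identity certification described under DEVICE IDENTITY CERTIFICATION and the Digital Obedience rule above. A constructed ecosystem CA issues X.509 certificates whose subject carries each device’s ID; the device keeps a registry of communication lines keyed by the peer’s certificate; and `AdmitPeer` refuses any peer that presents no certificate, a certificate that does not chain to the ecosystem CA (including a self-signed one that copies a legitimate device ID), or a valid certificate without an established line. The device IDs, the `Endpoint` and `Scenario` types and the line ID are assumptions made for the example, and the Inviter-Invitee Protocol is not reproduced: only its result, a recorded line, is stored.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey { // software key; a device would use a PUF-derived key or a secure element
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // the constructed sample cannot continue without keys
	}
	return k
}

// issue signs a certificate for pub with signerKey; a nil parent makes it self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signerKey *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	c, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic("certificate issuance failed")
	}
	return c
}

// template puts the endpoint's unique ID (an ECU or sensor serial) in the subject; isCA selects the CA profile.
func template(id string, serial int64, isCA bool) *x509.Certificate {
	ku := x509.KeyUsageDigitalSignature
	if isCA {
		ku = x509.KeyUsageCertSign
	}
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: id},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: isCA, KeyUsage: ku,
	}
}

// Endpoint is a device: the ecosystem trust root plus the communication lines it has already established.
type Endpoint struct {
	Roots *x509.CertPool
	Lines map[string]string // keyed by the peer's DER certificate bytes -> line ID
}

// AdmitPeer is the Digital Obedience gate: a certificate chaining to the ecosystem CA AND an existing line, or no access.
func (e *Endpoint) AdmitPeer(peer *x509.Certificate) (string, error) {
	if peer == nil {
		return "", fmt.Errorf("peer presented no certificate")
	}
	if _, err := peer.Verify(x509.VerifyOptions{Roots: e.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", fmt.Errorf("certificate rejected: %w", err)
	}
	line, ok := e.Lines[string(peer.Raw)]
	if !ok {
		return "", fmt.Errorf("no communication line with %q", peer.Subject.CommonName)
	}
	return line, nil
}

// Scenario: Device is paired with Peer; NoLine has a valid but unpaired certificate; Rogue self-signs one with Peer's ID.
type Scenario struct {
	Device              *Endpoint
	Peer, NoLine, Rogue *x509.Certificate
}

func BuildScenario() *Scenario {
	caKey := newKey()
	ca := issue(template("Trust Stack demo CA", 1, true), nil, &caKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	certs := map[string]*x509.Certificate{}
	for i, id := range []string{"ECU-BRAKE-0001", "SENSOR-REAR-0007", "SENSOR-FRONT-0003"} {
		k := newKey()
		certs[id] = issue(template(id, int64(100+i), false), ca, &k.PublicKey, caKey)
	}
	rogueKey := newKey() // an attacker who knows the peer's ID string but not the CA key
	rogue := issue(template("SENSOR-REAR-0007", 999, false), nil, &rogueKey.PublicKey, rogueKey)
	dev := &Endpoint{Roots: roots, Lines: map[string]string{}}
	// Outcome of one brokered pairing; the Inviter-Invitee exchange that produces it is not modelled here.
	dev.Lines[string(certs["SENSOR-REAR-0007"].Raw)] = "line-0001"
	return &Scenario{Device: dev, Peer: certs["SENSOR-REAR-0007"], NoLine: certs["SENSOR-FRONT-0003"], Rogue: rogue}
}

func main() {
	s := BuildScenario()
	for _, c := range []*x509.Certificate{s.Peer, s.NoLine, s.Rogue, nil} {
		line, err := s.Device.AdmitPeer(c)
		fmt.Printf("line=%q err=%v\n", line, err)
	}
}
```

The order of the two checks in `AdmitPeer` matters: chain validation comes first, so an attacker cannot probe the line registry with a forged certificate, and the registry is keyed by the whole certificate rather than by the subject name, so copying a legitimate device ID into a self-signed certificate gains nothing.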
SECURE IoT DEVICE GROUPS
IoT devices may be grouped into different groups and subgroups based on predetermined criteria. This provides distinct strata for the security and management of devices. Membership in a group is established through an attribute certificate issued to the device, which may also carry the rules for membership in that group. Device group management adds a further layer of security by permitting communication only between designated groups and/or subgroups. Rules associated with communication lines and/or groups may further direct the handling of information for data privacy, for example by requiring encryption of data, or by directing which devices or endpoints may or may not receive specified data. This technology addresses the granularity of communication and data security requirements in such use cases.
In one example, a “group” could include all of the IoT devices in a single vehicle (a subgroup might encompass all rear sensors). In another, authenticated personnel could be assigned to a “Maintenance Group” whose membership is manageable in real time: any Maintenance Group member could be trusted by a vehicle’s IoT devices, with that trust confirmed by the group attribute certificate described above. Other examples of possible groups are: the traffic lights in a city; all of the vehicles of a single OEM; a city’s fire engines; the front sensors of a vehicle; a defined group of roadway sensors; etc.
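As an added example, not the page’s or TrustCentral’s code, the following Go program models the group rules described above. Go’s standard library has no X.509 attribute certificate (RFC 5755) support, so a signed JSON structure stands in for the attribute certificate: the Attribute Authority signs a holder/group/rules binding, and `Permit` decides whether one endpoint may send data to another and whether the line must be encrypted, refusing outright when either side’s attribute is missing or was not signed by the AA. The group names, the rule fields (`MayTalkTo`, `RequireEncryption`, `MayReceiveData`) and the device IDs are assumptions constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// GroupRules are the handling rules the page says a group attribute certificate may carry.
type GroupRules struct {
	MayTalkTo         []string `json:"may_talk_to"`        // groups whose members this group may address
	RequireEncryption bool     `json:"require_encryption"` // payloads on the line must be encrypted
	MayReceiveData    bool     `json:"may_receive_data"`   // false: members emit data but never accept any
}

// GroupAttribute stands in for an X.509 attribute certificate: it binds a holder, named as in its
// identity certificate, to one group and is signed by the Attribute Authority.
type GroupAttribute struct {
	Holder    string     `json:"holder"`
	Group     string     `json:"group"`
	Rules     GroupRules `json:"rules"`
	Signature []byte     `json:"sig,omitempty"`
}

// digest hashes the attribute without its signature; json.Marshal is deterministic for a struct.
func (g *GroupAttribute) digest() []byte {
	unsigned := *g
	unsigned.Signature = nil
	b, _ := json.Marshal(unsigned)
	sum := sha256.Sum256(b)
	return sum[:]
}

// Issue is the AA granting a device membership of a group.
func Issue(aa *ecdsa.PrivateKey, holder, group string, rules GroupRules) (*GroupAttribute, error) {
	g := &GroupAttribute{Holder: holder, Group: group, Rules: rules}
	sig, err := ecdsa.SignASN1(rand.Reader, aa, g.digest())
	g.Signature = sig
	return g, err
}

// Valid checks that the AA really issued this attribute.
func (g *GroupAttribute) Valid(aaPub *ecdsa.PublicKey) bool {
	return ecdsa.VerifyASN1(aaPub, g.digest(), g.Signature)
}

// Permit decides whether src may send data to dst and whether the line must be encrypted;
// a missing or forged attribute on either side fails before any rule is consulted.
func Permit(aaPub *ecdsa.PublicKey, src, dst *GroupAttribute) (allowed, encrypt bool, reason string) {
	if src == nil || dst == nil || !src.Valid(aaPub) || !dst.Valid(aaPub) {
		return false, false, "missing or forged group attribute"
	}
	for _, g := range src.Rules.MayTalkTo {
		allowed = allowed || g == dst.Group
	}
	if !allowed {
		return false, false, fmt.Sprintf("group %q may not address group %q", src.Group, dst.Group)
	}
	if !dst.Rules.MayReceiveData {
		return false, false, fmt.Sprintf("members of %q do not accept data", dst.Group)
	}
	// The stricter side wins: the line is encrypted if either attribute demands it.
	return true, src.Rules.RequireEncryption || dst.Rules.RequireEncryption, "ok"
}

// Sample is constructed data: one vehicle's rear sensors and brake ECU, a maintenance technician,
// and a rogue presenting a maintenance attribute signed with a key that is not the AA's.
type Sample struct {
	AAPub                     *ecdsa.PublicKey
	Rear, Brake, Tech, Forged *GroupAttribute
}

func BuildSample() (*Sample, error) {
	aa, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rogue, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil || err2 != nil {
		return nil, fmt.Errorf("key generation failed")
	}
	issue := func(key *ecdsa.PrivateKey, holder, group string, rules GroupRules) *GroupAttribute {
		g, e := Issue(key, holder, group, rules)
		if e != nil {
			err = e
		}
		return g
	}
	s := &Sample{AAPub: &aa.PublicKey}
	tech := GroupRules{MayTalkTo: []string{"vehicle-7/ecu"}, RequireEncryption: true, MayReceiveData: true}
	s.Rear = issue(aa, "SENSOR-REAR-0007", "vehicle-7/rear-sensors", GroupRules{MayTalkTo: []string{"vehicle-7/ecu"}})
	s.Brake = issue(aa, "ECU-BRAKE-0001", "vehicle-7/ecu", GroupRules{MayTalkTo: []string{"vehicle-7/rear-sensors", "maintenance"}, RequireEncryption: true, MayReceiveData: true})
	s.Tech = issue(aa, "TECH-0042", "maintenance", tech)
	s.Forged = issue(rogue, "TECH-9999", "maintenance", tech) // identical claims, signed with a key that is not the AA's
	return s, err
}

func main() {
	if s, err := BuildSample(); err == nil {
		fmt.Println(Permit(s.AAPub, s.Rear, s.Brake))
	}
}
```

With these rules the rear sensors may report to the brake ECU (and the ECU’s rule forces encryption on that line), the ECU cannot push data to the sensors because their attribute says they accept none, the technician reaches the ECU but not the sensors, and the rogue’s maintenance attribute is rejected before its claims are even read.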
MANAGEMENT AND VISUALIZATION
Through the technology and procedures of the Security Ecosystem, an OEM or other entity responsible for controlling IoT devices can enhance its management and control over those devices. Using the precision and trustworthiness of PKI, the OEM would have a dashboard with clear visualization of all devices, communication lines, groups, etc. under its management. The OEM would likewise benefit from the trusted provenance (origin) of records produced by the Security Ecosystem, and thus have confidence in trusted records being recorded on a blockchain.
With features such as digital signing, encryption, TrustScores of endpoints, layered auditability and visualization of trusted users and devices, the Security Ecosystem provides an enterprise with many other benefits, for example the ability to authenticate a remotely located device and bring it online into a network with trust.
The Security Ecosystem can be extended to manage and secure V2V (Vehicle-to-Vehicle) interactions as well as V2X (Vehicle-to-X, i.e., to anything) interactions. [See the later sections herein on V2V and V2X.] In cases involving multiple OEMs, it is expected that more than one PKI will be in use (i.e., more than one Certification Authority issuing PKI certificates). This requires coordination between PKIs. These PKIs can: (1) apply the existing practice of cross-certification, in which each CA issues a certificate for the other CA’s key so that relying parties in one domain can build a valid chain to certificates from the other; and (2) have the Attribute Authorities of each PKI likewise coordinate and cross-certify Secure Communication Lines, Secure Groups and other Security Ecosystem proprietary relationships.