WISeKey’s accredited Public Key Infrastructure Root-of-Trust combined with its tamper resistant secure elements including a preloaded digital certificate procure unpreceded security to any connected objects, be it an equipment on a factory floor, a smart meter or a remotely controlled device, such as a drone. This protects companies against ever increasing risk of cyberattacks, thus safeguarding their revenue, brand image and valuable assets.
Whenever a device gets connected to a network to be remotely monitored and controlled, direct contact with this device is lost. Physical barriers, such as entry doors to get to the factory being gone and the device often being accessed through a Zero Trust Network such as the Internet , its functioning can be altered by unauthorized parties, resulting in a loss of assurance that data coming from it is actually authentic, unmodified, unspied and therefore trustworthy.
Hackers enjoy such weaknesses.
Connecting a device without the proper security is asking for trouble. The question is not if you’ll be attacked, the question is when.
Protecting a connected device comes down to some basic rules:
The foundation of digital security is digital identity. WISeKey, as a Swiss provider of WebTrust approved digital certificates and certified tamper resistant secure elements, offers globally trusted digital identities from the very moment of device manufacturing. Through its lifetime, this device can be identified, authenticated, authorized and thus trusted thanks to WISeKey’s INeS completely integrated Certificate Management System.
What is a digital Identity?
A digital identity is the digital equivalent of a passport or photo ID. It consists of a unique digital attribute stored in the device, recognized and certified by a trusted third party. This attribute is actually stored in a secure element, a tamper resistant microcontroller located in the device, holding a secret private key and a related public key cryptographically signed together with other information by this trusted Certificate Authority (CA).
Authenticating a device
The authentication of a device is done through industry-standard protocols, such as SSL/TLS. This protocol allows a backend server or IoT platform to check the validity of the digital identity. It checks the status of the device certificate and its origin. It also checks the signature the device generates on a given random challenge. If the digital identity passes verification, the device is considered authentic beyond doubt, as the information used in the device to generate the signature is protected by the tamper resistant secure element and thus cannot be spoofed or cloned.
Securing the communication
From the digital identity verification, based on the secret information used therein, session keys are derived to protect the communication channel. Communication can be encrypted, authenticated and its integrity protected. As the secure element handles this key derivation, here again, a solid trust can be vested in this secure communication channel.
Preventing unauthorized firmware execution and updates
A connected device is vulnerable to malicious firmware modifications through standard channels implemented for firmware updates. A simple login/password is not sufficient at all to protect any firmware modification. A simple digital signature based on a public/private key pair held by the editor of the new firmware neither, as clever hackers can circumvent software protection around the signature verification.
Here again, a secure element brings a real advantage for the protection of the editor’s public key certificate and the validation of the signature of the new firmware.
Examples of applications
These types of protection have been successfully applied to applications such as:
Key features of VaultIC4xx secure elements
Key features of INeS