Identity for Everything - UNECE · 2018. 10. 15.
-
Industrial IoT device identity management using cryptography
Masakazu Asano - October 15, 2018
Identity for Everything
-
Copyright© 2018 GlobalSign. Confidential & Proprietary. All rights reserved. 2
Here a device is sending data up to the cloud in plaintext
Copyright GMO GlobalSign, Inc.
What happens if you don’t have identity?
Cloud Platform
• Impersonation
• Disclosure
• Control
-
How can certificates protect devices and data?
With certificate authentication and mutual TLS, these threats (impersonation, disclosure and control) are avoided:
• Device and Cloud now verify who they’re talking to
• Data is encrypted over a secure channel
Cloud Platform
-
What’s a Digital Certificate for?
Device 1
-
Why TLS?
• SSL 1.0 (N/A)
• SSL 2.0 (1995)
• SSL 3.0 (1996)
• TLS 1.0 (1999)
• TLS 1.1 (2006)
• TLS 1.2 (2008)
• TLS 1.3 (2018)
-
Role of PKI/Certificate
• Authentication
• Encryption
• Data integrity
• Authorization
-
Provisioning to Devices
Trust
IoT Platform
-
Provisioning to Devices
Generate Keys
IoT Platform
-
Provisioning to Devices
Issue Certificates
IoT Platform
Device1
Device2
Cloud
-
Provisioning to Devices
Communicate
IoT Platform
Device1
Device2
Cloud
-
One Use Case
① Upload Device IDs
② Keygen and Issue request (Bulk)
③ Issue certificates
⑤ Send PKCS#12
⑥ Store Key and Certificate into Devices
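The bulk flow of this use case can be walked through with the OpenSSL command line. This is an added example, not part of the slides and not GlobalSign's tooling; the throwaway test CA, the device IDs (dev-0001 and so on), the file layout and the P12_PASS environment variable are all assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not GlobalSign's tooling): bulk device-identity issuance with
# a throwaway test CA. Device IDs, file layout and passphrase are constructed.
set -eu

newkey() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }

# Test CA standing in for the issuing CA of step 3.
make_ca() {  # $1 = working directory
  mkdir -p "$1"
  newkey "$1/ca.key"
  openssl req -x509 -new -key "$1/ca.key" -days 30 \
    -subj "/CN=Constructed Test Device CA" -out "$1/ca.crt"
}

# Steps 2-5 for one device ID: keygen, issue request, issuance, PKCS#12.
provision_device() {  # $1 = working directory, $2 = device ID
  local d="$1" id="$2"
  newkey "$d/$id.key"
  openssl req -new -key "$d/$id.key" -subj "/CN=$id" -out "$d/$id.csr"
  openssl x509 -req -in "$d/$id.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/$id.crt" 2>/dev/null
  # Passphrase comes from the environment so it never appears in argv.
  openssl pkcs12 -export -inkey "$d/$id.key" -in "$d/$id.crt" \
    -certfile "$d/ca.crt" -name "$id" -passout env:P12_PASS -out "$d/$id.p12"
  rm -f "$d/$id.key" "$d/$id.csr"  # drop loose files; only the bundle is kept
}

# Step 6 gate before storing: bundle opens, chain verifies, CN is this device.
verify_bundle() {  # $1 = working directory, $2 = expected device ID
  local d="$1" id="$2" tmp rc=0
  tmp=$(mktemp)
  { openssl pkcs12 -in "$d/$id.p12" -passin env:P12_PASS -clcerts -nokeys \
      -out "$tmp" 2>/dev/null &&
    openssl verify -CAfile "$d/ca.crt" "$tmp" >/dev/null 2>&1 &&
    openssl x509 -in "$tmp" -noout -subject -nameopt RFC2253 |
      grep -q "CN=$id\$"; } || rc=1
  rm -f "$tmp"
  return "$rc"
}

# Step 1 stand-in: a constructed list of uploaded device IDs.
WORK=$(mktemp -d)
export P12_PASS="constructed-demo-passphrase"
make_ca "$WORK"
for id in dev-0001 dev-0002 dev-0003; do
  provision_device "$WORK" "$id"
  verify_bundle "$WORK" "$id" && echo "$id: bundle verified"
done
```

The check in `verify_bundle` is what keeps a bundle issued for one device, or by a different CA, from being stored as another device's identity.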
-
Full Device Lifecycle Management
Manufacture → Program → Deploy → Manage → Sunset
• Greenfield Identity provisioning
• Direct integration into manufacturing line
• Brownfield Identity provisioning
• Via Firmware OTA or during post-manufacturing boot
• Ongoing Identity management
• Device registration, identity suspension, renewal and transfer
• Identity revocation during device decommissioning
-
Thank you
About GlobalSign
GlobalSign is the leading provider of trusted identity and
security solutions enabling businesses, large enterprises,
cloud service providers and IoT innovators around the
world to secure online communications, manage millions
of verified digital identities and automate authentication
and encryption. Its high-scale Public Key Infrastructure
(PKI) and identity solutions support the billions of
services, devices, people and things comprising the
Internet of Everything (IoE).