IoTAS: Certificate-less Device Identity
Certificate-less Device Identity
On the Internet and in a web browser, there is an assumption that one party is unknown (anonymous) – the customer or client, while one is known – the shop or bank or website, and that a third party is required to validate the shop, bank or website really is who they say they are so that you can trust them.
This is not the case for IoT, where for the most part devices are known rather than anonymous. This opens the door to much more efficient and targeted communications and requires different security technologies from those of the Internet/web. CENTRI IoTAS uses a much more secure and scalable approach to validate trusted devices without the need to exchange certificates.
How Certificate-less Device Identity Works
Rather than using certificates and SSL/TLS, which is suited to browser-based connections and uses a partially clear, partially encrypted handshake, CENTRI has developed a certificate-less device identity based on unique hardware attributes and IDs in the device itself. Using manufacturer IDs, imperfections in the silicon, device maps, and other hidden uniqueness, CENTRI virtually stamps each device with a totally unique identification number which can be used to establish the identity of a device and, with the proper keys, trust the device.
When connecting across a network, this unique device identification can be sent instead of a certificate. This results in a drop from 1250+ bytes of typical SSL/TLS overhead to less than 300 with a handshake that is 100% encrypted and eliminates the need for a key and certificate authority system. CENTRI IoTAS still has the flexibility to allow for the use of certificates on top of its device integrity process if desired for additional validation.
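The following is an added illustration, not CENTRI's code or its actual protocol, of the two ideas in this section: binding a device identifier to its hardware attributes, and proving that identity with a per-device key so that the identifier can stand in for a certificate. The attribute names and values are constructed stand-ins, the registry and the HMAC challenge-response are this example's own assumptions, and the encryption of the handshake that the page describes is left out; only the identity-proof step is shown.

```python
import hashlib
import hmac
import secrets

# Constructed hardware attributes for one device. These are stand-ins for the
# manufacturer IDs and silicon-level uniqueness the page refers to, not the
# actual inputs CENTRI uses.
DEVICE_ATTRIBUTES = {
    "manufacturer_id": "ACME-0042",
    "serial": "SN-7F3A91",
    "silicon_fingerprint": bytes.fromhex("9a1f0c33e4b7d2a8"),
}

# Per-device key provisioned at manufacture (constructed). The device ID alone
# is not secret, so trust rests on the ID *and* possession of this key.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

# Server-side registry: device_id -> provisioned key (assumed design).
REGISTRY = {}


def derive_device_id(attrs: dict) -> bytes:
    """Bind all hardware attributes into one 32-byte identifier.

    Keys are sorted and length-delimited so the encoding is canonical: the same
    hardware always yields the same ID, and no two attribute sets collide by
    concatenation alone.
    """
    h = hashlib.sha256()
    for key in sorted(attrs):
        value = attrs[key]
        if isinstance(value, str):
            value = value.encode()
        h.update(len(key).to_bytes(2, "big") + key.encode())
        h.update(len(value).to_bytes(2, "big") + value)
    return h.digest()


def enroll(attrs: dict, device_key: bytes) -> bytes:
    """Register a device's ID and key with the server (done once, out of band)."""
    device_id = derive_device_id(attrs)
    REGISTRY[device_id] = device_key
    return device_id


def server_challenge() -> bytes:
    """Fresh random nonce; a response to an old challenge cannot be replayed."""
    return secrets.token_bytes(16)


def _auth_tag(key: bytes, device_id: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, b"device-auth|" + device_id + b"|" + challenge,
                    hashlib.sha256).digest()


def device_response(device_id: bytes, device_key: bytes, challenge: bytes) -> bytes:
    """What the device sends instead of a certificate: its ID's proof of key."""
    return _auth_tag(device_key, device_id, challenge)


def server_verify(device_id: bytes, challenge: bytes, response: bytes) -> bool:
    """Accept only a known device ID whose response matches its registered key."""
    key = REGISTRY.get(device_id)
    if key is None:
        return False  # unknown hardware: not enrolled, so not trusted
    return hmac.compare_digest(_auth_tag(key, device_id, challenge), response)


def handshake_bytes(device_id: bytes, challenge: bytes, response: bytes) -> int:
    """Bytes exchanged for the identity step in this toy design."""
    return len(device_id) + len(challenge) + len(response)


if __name__ == "__main__":
    dev_id = enroll(DEVICE_ATTRIBUTES, DEVICE_KEY)
    nonce = server_challenge()
    resp = device_response(dev_id, DEVICE_KEY, nonce)
    print("genuine device accepted:", server_verify(dev_id, nonce, resp))
    print("identity step bytes:", handshake_bytes(dev_id, nonce, resp))
```

Two properties worth noting from the code: a party that knows a device's public attributes can compute its ID but cannot produce a valid response without the provisioned key, and a response captured from one session fails against the next challenge because the nonce is fresh. Both are the reason the page's phrase "with the proper keys" matters; the identifier on its own is not an authenticator.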
Certificate-less Device Identity Benefits
- Certificates can be generated anywhere and everywhere and can be forged – CENTRI device identification establishes trust without this drawback
- Trust is tied to a specific device/hardware and is not generic like a certificate-based system
- IoT devices are not anonymous; they need explicit trust – CENTRI device identification establishes this trust without the drawbacks of anonymous certificates and vulnerable (partially in the clear) handshakes and exchanges
- 100% encrypted handshake, optimized for small devices with limited network bandwidth