Security is a major challenge to successful implementation and acceptance of enterprise IoT deployments. The growth of smart machines, connected systems, and IoT devices beyond the traditional IT centric networks, present an unfamiliar challenge to many manufacturers. 

Instead of using Windows, IoS, Linux, or other large sophisticated operating systems, most IoT, IIoT and other embedded devices operate under the control of very small, real time operating systems (RTOS) or embedded Linux on a wide range of hardware. 

Because of these device’s limited resources, they require unique solutions that can function using these tiny operating systems. Unfortunately, most current IT security tools cannot function in these resource limited environments.

Prior to the acquisition, Icon Labs and Sectigo largely addressed different elements of IoT security. Sectigo is a certificate authority company and provides a purpose-built PKI platform for IoT certificate issuance, revocation, and management.  This enables OEMs to issue certificates to IoT devices enabling device authentication and secure communication.  Sectigo also provides code signing certificates for secure boot and secure firmware updates.

Icon Labs is focused on IoT device security and created a suite of endpoint security solutions that allow OEMs to build security into their devices.  These solutions provide OEMs the ability to implement the following capabilities:

• Secure boot and secure firmware updates
• Intrusion detection and intrusion protection
• Embedded firewall
• TPM and secure element libraries
• PKI and security management agent
• Encryption, authentication, and secure communication

Integrated, end-to-end security

These approaches are highly complementary and naturally fit together.  Combining these two approaches into a single unified platform is the vision of the combined company. 

Code signing for secure boot/secure updates relies on a code signing certificate. Secure data storage and secure data communication utilize certificates as does device authentication.  The integrated Icon Labs/Sectigo solution (IoT Security Platform) provides an end-to-end security solution for IoT OEMs. 

This enables OEMs to have a single vendor that can provide certificates for their IoT devices and solutions that utilize those certificates.  By integrating the Icon Labs PKI client with the Sectigo IoT manager, OEMs will be able to actively manage certificates over the life of their devices.  IoT devices will be able to renew certificates and ensure they are not using or accepting certificates that have been revoked.  Devices with a hardware secure element can use the hardware device to store their private keys, or utilize a software based secure key storage mechanism to protect private keys.

Supply chain security

Modern IoT devices are complex systems containing a wide array of components from a diverse set of suppliers, creating additional challenges for securing IoT devices.  The supply chain for even a relatively simple IoT device consists of many providers including chip vendors, tools vendors, and companies providing various software components.

Ensuring the authenticity of each component in the supply chain is critical; Sectigo, bolstered by its acquisition of Icon Labs, is building a solution to address this.  The vision is to enable OEMs to deploy the IoT Identity Management solution across their entire supply chain.

This will begin in the foundry, with certificates being injected into secure elements during production. During PCB manufacturing, an additional device identity certificate will be injected, but only after the hardware elements are validated as being authentic.  When enrolled in an operational network, the identity will allow the device to be validated as authentic before being enrolled on the network.

With properly implemented supply chain security, OEM’s products will only contain authentic, validated components. Enterprises will only deploy authentic products.  IoT devices will be hardened with robust endpoint security solutions.

Summary

PKI is the gold-standard for device authentication. IoT device manufacturers are adopting PKI for code signing, device authentication, and to enable secure communication with their IoT devices.  This is an important step in securing the IoT but doesn’t go far enough. OEMs must also ensure the integrity of their supply chain and devices must be hardened from cyber-attacks.  Icon Labs and Sectigo are leading the way in providing OEMs the solutions required for securing the IoT.