Zero-Touch Onboarding of IoT Devices to Support Trustworthy Computing

by University of Surrey

REWIRE is based on the Zero-trust notion of “Never trust, always verify”, and this is exactly the motivation behind the REWIRE actions to build a trust-aware Zero-Touch onboarding mechanism for IoT devices. At a high level, REWIRE works towards the definition of a trust framework that will be used to formally describe the policies, procedures, and cryptographic mechanisms for the operation of digital trust in the network. Trust and trustworthiness must capture a varied set of relationships and properties among entities, hosts, and other components of the network. These actions will form the background for the trust-aware zero-touch onboarding approach of REWIRE.

Undoubtedly, a cornerstone for establishing trust  in the REWIRE ecosystem is to make use of trusted computing by incorporating a Trusted Execution Environment (TEE) as a core building block. Specifically, REWIRE will use the open-source, customisable Keystone TEE to uphold key management systems of components, which are vital to build a reliable ZTO mechanism The ZTO mechanism to be designed will support automation of secure lifecycle management, including setup and configuration of a device. This will encompass processes such as secure onboarding and enrolment, runtime attestation, and software/firmware updates. The ways in which the ZTO will strengthen security measures and amplify trustworthiness of the system will be described in the following.

First and foremost, manufacturers pre-configure devices with certain characteristics, formally known as credentials, before the end-user or device attempts to access the network. Credentials and settings forming the device provisioning step include, but are not limited to, network parameters, security certificates, and device-specific identifiers, expressed as part of the Manufacturer Usage Description (MUD) profiles of the devices. Proceeding the manufacturing stage, deployment requires the device authenticates itself to access resources in the REWIRE network, as part of the secure enrolment phase. This phase is vital for establishing trust between the device and the REWIRE network to ensure that only authorised and  authenticated devices have access to the ecosystem, as specified in policies expressed in the MUD profile. Innovation in REWIRE lies on the steps taken to achieve secure enrolment, as it focuses on device identification and system integrity verification as a result of advanced TEE-supported attestation mechanism designed by the REWIRE consortium. Thus, only devices that have the necessary cryptographic keys but are on a correct state will be able to join the network.

An additional artifact that will be supporting and complementing the ZTO mechanism of REWIRE is blockchain! Following authentication, pre-defined policies will reside on the REWIRE blockchain platform persisting additional attributes that need to be issued by the device to enable proof of ownership of characteristics demonstrating expected behaviour. REWIRE will capitalise on the use of Verifiable Presentations, following the W3C standard, so that to issue attestation evidence on the correct state of the devices in the form of verifiable attributes that will be stored on the blockchain, making auditing and state validation a trivial process. Moreover, over-the-air software and firmware updates, policy enforcement, and monitoring are essential components to the continuous management of access control in the REWIRE network that will be supported by the REWIRE Blockchain infrastructure. By automating these steps, the ZTO protocol will reduce the need for manual configuration and minimise the risk of errors during deployment of massive IoT ecosystems.

The REWIRE ecosystem is inherently heterogeneous and large-scale, with lightweight resource-constrained devices attempting to access the network and communicate. Given that trusted computing is a core feature of the architecture, the ZTO protocol is an essential factor to supporting the requirements of the system alongside strong security guarantees including privacy-preservation and integrity. The core challenge in REWIRE will be designing a novel, more efficient cryptographic mechanism for the multi-step process described above. This involves seamlessly incorporating different technology means, whilst ensuring that specific security and efficiency metrics are met. It is a challenge, yes, but one that holds the promise of unlocking new possibilities in cybersecurity.

REWIRE consortium is now focusing on detailing and formally verifying the cryptographic protocols that will ensure the secure interactions among the IoT devices and the backend authentication and authorisation infrastructures. REWIRE aspires to deliver a full-fledged ZTO mechanism for IoT ecosystems until the end of the project. So, stay tuned for more updates through our blogs and scientific publications….

Leave a Reply