Intel EPID For Device Onboarding


Drasko DRASKOVIC
 

Hi all,
during the last f2f meeting in Barcelona, we mentioned the problem of
device onboarding, and the problem of dedicating a distinctive asymmetric
key to each device during the manufacturing phase.

I was looking at a video on edge security yesterday:
https://www.youtube.com/watch?v=A6KoS7CQaqs, and saw that there are
already implementations of Intel's EPID
(https://en.wikipedia.org/wiki/Enhanced_privacy_ID) used on Dell's
gateways.

At a very quick glance
(https://img.en25.com/Web/McAfeeE10BuildProduction/%7Ba6dd7393-63f8-4c08-b3aa-89923182a7e5%7D_EPID_Overview_Public_2016-02-08.pdf?elqTrackId=48387d7899274c7985c6ac808d6ecbac&elqaid=7811&elqat=2),
I like the idea of having a one-to-many mapping of public-private keys,
for at least two reasons:
1) It is easier to keep just one public key on a server and not to have
queries each time a device onboards to find its public key (although
probably a query for the group must be done)
2) You can keep anonymity on a group level


I was wondering - has anybody had experience with EPID before? I see
that it is an open standard, I even saw some Apache-2.0 device-side
implementations (https://github.com/Intel-EPID-SDK/epid-sdk), but I
was wondering how open it is and whether it can be useful for the EdgeX case?

Best regards,
Drasko DRASKOVIC
Mainflux Author and Technical Advisor

www.mainflux.com | Industrial IoT Cloud
-------------------------------------------------------------------
Engineering Division | Paris, France

LinkedIn: https://www.linkedin.com/in/draskodraskovic
Twitter: @draskodraskovic
