Re: Intel EPID For Device Onboarding


On Tue, Oct 31, 2017 at 2:18 PM, Zolfonoon, Riaz <riaz.zolfonoon@...> wrote:
At RSA, we have also looked into Intel SDO both jointly with Dell and separately before our merging. We came to the same conclusion as Jason mentioned. The solution solves a real need, but due to impact on the entire chain, from manufacturing to deployment, it will take time to gain traction in the market.

FYI, another option that RSA has looked into is FIDO and its attestation technique. Recently, FIDO formed a study group to explore the applicability and use cases for FIDO in the IoT space. The objective was to explore if there are opportunities for FIDO to consider making the necessary changes to its specs to make them applicable to authentication of devices (in addition to today's focus, which is user authentication). RSA was involved in this exercise. Among the areas that the study group identified, one was FIDO attestation for IoT device onboarding. In this case, similar to EPID, silicon manufacturers need to engage as well, but the rest of the process is simpler than SDO. This work is still in progress and the FIDO board is considering the recommendations from the study group.

I've also heard of some other proprietary methods discussed by vendors, but I'm not aware of any other standards. Does anyone know if OMA's LWM2M or other standards offer any secure onboarding solution that may already be implemented/deployed?

LwM2M has a very nice and simple onboarding method via a separate
"Bootstrap" server. You can see an explanation here:
or in a few slides here:

It is described in detail in the standard (i.e. the bootstrapping procedure
is built into the standard).

Best regards,
Mainflux Author and Technical Advisor | Industrial IoT Cloud
Engineering Division | Paris, France

Twitter: @draskodraskovic
