Re: Intel EPID For Device Onboarding


Drasko DRASKOVIC
 

On Tue, Oct 31, 2017 at 2:18 PM, Zolfonoon, Riaz <riaz.zolfonoon@...> wrote:
At RSA, we have also looked into Intel SDO both jointly with Dell and separately before our merging. We came to the same conclusion as Jason mentioned. The solution solves a real need, but due to impact on the entire chain, from manufacturing to deployment, it will take time to gain traction in the market.

FYI, another option that RSA has looked into is FIDO and its attestation technique. Recently, FIDO formed a study group to explore the applicability and use cases for FIDO in IoT space. The objective was to explore if there are opportunities for FIDO to consider making the necessary changes to its specs to make them applicable to authentication of devices (in addition to today's focus which is user authentication). RSA was involved in this exercise. Among areas that the study group identified, one was FIDO attestation for IoT device onboarding. In this case, similar to EPID, silicon manufacturers need to engage as well, but the rest of the process is simpler than SDO. This work is still in progress and FIDO board is considering the recommendations from the study group.

I've also heard of some other proprietary methods discussed by vendors, but I'm not aware of any other standards. Does anyone know if OMA's LWM2M or other standards offer any secure onboarding solution that may already be implemented/deployed?

LwM2M has a very nice and simple onboarding method via a separate
"Bootstrap" server. You can see an explanation here:
https://medium.com/@vrmvrm/device-key-distribution-with-lightweight-m2m-36cdc12e5711
or in a few slides here:
https://www.slideshare.net/OpenMobileAlliance/oma-lwm2m-tutorial-by-arm-to-ietf-ace

It is described in detail in the standard (i.e. the bootstrapping procedure
is built into the standard).

Best regards,
Drasko DRASKOVIC
Mainflux Author and Technical Advisor

www.mainflux.com | Industrial IoT Cloud
-------------------------------------------------------------------
Engineering Division | Paris, France

LinkedIn: https://www.linkedin.com/in/draskodraskovic
Twitter: @draskodraskovic
