Device Authentication
It is essential to have a trusted ecosystem of authorized devices and authorized services. Unauthorized devices are not allowed to interact with authorized services in a trusted ecosystem. Compromised devices often fail to connect with the IoT system and hamper the overall security. Hence, it is imperative to authenticate devices to avail data of an IoT device.
/IOTCONNECT™ platform allows you to securely connect your devices and authenticate within the ecosystem. This allows both the entities (devices and the platform) to prove to each other that they are authorized members of /IOTCONNECT™ ecosystem.
There are three major factors that need to be ensured during device authentication:
- The device is genuine
- It is running a genuine software
- It is working on behalf of a trusted user
Here are the two device authentication methods under X.509 certification used by /IOTCONNECT™ to verify any device:
- Self-signed
- CA signed
X.509 certification
X.509 certificate PKI is used to authenticate devices to IoT Hub and secure the IoT Hub endpoints. The process begins with registering and uploading X.509 certificates to an IoT Hub which will be used for authentication of IoT devices to the IoT Hub whenever they connect. This authentication process saves you from generating private secure keys for every IoT device. With X.509 CA feature, you need to register the certificate just once, and then use it to connect and authenticate as many devices as you want.
This authentication method mentioned above are great to identify and authenticate a device. It is recommended to use either of the X.509 certificates as replacing symmetric keys is both hard as well as less secure.