Virtual Workshop on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

Monday, October 26, 2020

Workshop Overview 

The National Institute of Standards and Technology (NIST) hosted a virtual workshop on October 26, 2020. The purpose of the workshop was to discuss the challenges and investigate the practical and implementable approaches to enhance the security of IoT devices through trusted network-layer onboarding and re-onboarding of those devices throughout the device lifecycle. 

Workshop Recording 

Post-Workshop Materials

Presentation #1: NIST and NCCoE Overview
Jeff Greene, Director, NCCoE

Presentation #2: Workshop Introduction
Tim Polk, NCCoE

Presentation #3: Workshop Overview, Background, and Challenges
Susan Symington, NCCoE

Presentation #4: NIST IoT Baseline with Respect to IoT Device Onboarding
Michael Fagan, NCCoE

Presentation #5: Standards, Technical, and Operational Considerations for IoT Device Onboarding and Lifecycle Management
Eliot Lear, Cisco

Presentation #6: An Approach to IoT Device Onboarding and Lifecycle Management
Darshak Thakore/Craig Pratt, CableLabs

Presentation #7: Enhancing IoT Device Security Through Trusted Network-Layer Onboarding
Steve Clark, WISeKey

Presentation #8: Application Onboarding with Intel SDO and FIDO IoT
Geoffrey Cooper, Intel

Presentation #9: IoT Device Onboarding with DPP
Dan Harkins, HPE

Presentation #10: Trusted IoT Device Onboarding and Lifecycle Management
Alon Shamir, Arm

Presentation #11: Next Steps/Wrap-Up
Curt Barker, NCCoE

Background 

The National Cybersecurity Center of Excellence (NCCoE) is investigating the development of a project to demonstrate implementations for trusted network-layer onboarding of IoT devices. We define network-layer onboarding of an IoT device as provisioning network credentials to that device at the time of the device's deployment on a network. The trusted aspect of network-layer onboarding indicates that the device is provided with unique network credentials after the device and the network have had the opportunity to authenticate each other and establish an encrypted channel without user knowledge of the credentials, thereby mitigating unauthorized credential disclosure. Trusted IoT device onboarding processes are needed to mitigate the risk of unauthorized devices connecting to networks. Trusted onboarding processes are also needed to mitigate the risk of devices being taken over by networks that are not authorized to onboard them.
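The definition above has three ordered parts: the device and the network authenticate each other, they establish an encrypted channel, and only then is a unique credential provisioned, without the credential ever being visible to the user or on the wire. The Python model below is added here as an illustration and is not code from NIST, the NCCoE, or any of the workshop presenters. It assumes (as a stand-in for the public-key bootstrapping that real protocols such as DPP or FIDO IoT use) that each side holds a secret the legitimate peer learned out of band, that authentication is HMAC challenge-response, and that the channel is a toy SHA-256 keystream; the device identifiers, secrets and the `onboard`/`demo` functions are constructed for the example. It exercises both risks named above: a rogue network that cannot prove authorization is refused by the device, and a device the network never registered is refused by the network.

```python
"""Toy model of trusted network-layer onboarding (added illustration, stdlib only).
Assumed, not from the page: each side holds a secret the legitimate peer learned
out of band (the device's from its label), authentication is HMAC challenge-
response, and the channel is a SHA-256 counter-mode keystream. Real protocols
(DPP, FIDO IoT) use public keys; this models only the structure of the exchange.
"""
import hashlib
import hmac
import secrets

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts; used for proofs and key derivation."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def keystream_xor(session_key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with a SHA-256 counter-mode keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Device:
    def __init__(self, device_id: bytes, bootstrap_secret: bytes, trusted_network_secret: bytes):
        self.device_id = device_id
        self.bootstrap_secret = bootstrap_secret              # also printed on the device label
        self.trusted_network_secret = trusted_network_secret  # identifies the authorized network
        self.network_credential = None                        # filled only by a trusted onboarding

class Network:
    def __init__(self, network_secret: bytes):
        self.network_secret = network_secret
        self.registered = {}   # device_id -> bootstrap secret learned out of band
        self.onboarded = {}    # device_id -> credential issued to it

def onboard(device: Device, network: Network, transcript: list) -> bool:
    """Run one onboarding exchange; every byte sent over the wire is appended to
    transcript. Returns True only if both sides authenticated each other and the
    device now holds the credential the network issued."""
    n_dev = secrets.token_bytes(16)
    transcript.append(device.device_id + n_dev)               # 1. device hello
    boot = network.registered.get(device.device_id)
    if boot is None:
        return False                                           # unknown device: refuse
    n_net = secrets.token_bytes(16)
    net_proof = prf(network.network_secret, b"net", device.device_id, n_dev, n_net)
    transcript.append(n_net + net_proof)                       # 2. network proves itself
    expected = prf(device.trusted_network_secret, b"net", device.device_id, n_dev, n_net)
    if not hmac.compare_digest(net_proof, expected):
        return False                                           # network not authorized to onboard
    dev_proof = prf(device.bootstrap_secret, b"dev", n_dev, n_net)
    transcript.append(dev_proof)                               # 3. device proves itself
    if not hmac.compare_digest(dev_proof, prf(boot, b"dev", n_dev, n_net)):
        return False                                           # not the registered device
    # 4. each side derives the session key from both secrets and both nonces
    k_net = prf(boot + network.network_secret, b"session", n_dev, n_net)
    k_dev = prf(device.bootstrap_secret + device.trusted_network_secret, b"session", n_dev, n_net)
    # 5. network mints a fresh, device-unique credential and sends it only encrypted
    credential = secrets.token_bytes(32)
    network.onboarded[device.device_id] = credential
    wire = keystream_xor(k_net, credential)
    transcript.append(wire)
    device.network_credential = keystream_xor(k_dev, wire)
    return hmac.compare_digest(device.network_credential, credential)

def demo() -> dict:
    """Constructed scenario: an authorized network, a rogue network that even knows
    the device's label secret, and a device the network never registered."""
    net_secret = secrets.token_bytes(32)
    good_net, rogue_net = Network(net_secret), Network(secrets.token_bytes(32))
    dev_boot = secrets.token_bytes(32)
    dev = Device(b"sensor-0001", dev_boot, net_secret)
    good_net.registered[b"sensor-0001"] = dev_boot
    rogue_net.registered[b"sensor-0001"] = dev_boot
    stranger = Device(b"sensor-0002", secrets.token_bytes(32), net_secret)
    transcript = []
    legit = onboard(dev, good_net, transcript)
    rogue = onboard(dev, rogue_net, transcript)
    unknown = onboard(stranger, good_net, transcript)
    cred = good_net.onboarded[b"sensor-0001"]
    return {
        "legit": legit,
        "rogue_network_rejected": not rogue,
        "unknown_device_rejected": not unknown,
        "credential_unique": cred == dev.network_credential,
        "credential_not_on_wire": all(cred not in msg for msg in transcript),
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns all five checks as True. The "credential_not_on_wire" check is the one that captures the "without user knowledge of the credentials" property: the credential is generated by the network and the only form anyone observing the exchange (or the user holding the configurator) sees is its encrypted form.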

The project's goal is to enhance the overall security posture of IoT devices and, by extension, the security of the networks to which they connect. The project will be based on the initial concepts described in the draft NIST cybersecurity paper Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management. The objective of the project is to design, build, demonstrate, and document example trusted solutions that onboard IoT devices to networks and that support trusted re-onboarding of those devices throughout the device lifecycle, enabling operations such as device credential maintenance and eventual reuse of the device on other networks. In addition, the project seeks to further enhance IoT device and network security by integrating additional, optional related capabilities with the secure onboarding solutions, such as:

  • use of attestation mechanisms to establish trust in the authenticity and integrity of the IoT device platform  

  • secure transmission of the device’s Manufacturer Usage Description (MUD) to the network to enable device intent enforcement 

  • secure application-layer onboarding (i.e., automatic, secure downloading of the device’s application from a trusted application server) 

  • secure establishment of an automated lifecycle management application/service for the device 

  • ongoing mutual attestation to ensure the trustworthiness of both the IoT device and the application/service that is managing it 

  • integration with a centralized asset management system to support cross-checking of discovered devices with onboarded devices 


 
Questions?

Please send an email to mitigating-iot-ddos-nccoe@nist.gov