Virtual Workshop on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management

Monday, October 26, 2020

Workshop Objectives 

The National Institute of Standards and Technology (NIST) will host a virtual workshop on October 26, 2020. The purpose of the workshop is to discuss the challenges and investigate practical, implementable approaches to enhancing the security of IoT devices through trusted network-layer onboarding and re-onboarding of those devices throughout the device lifecycle.

Background 

The National Cybersecurity Center of Excellence (NCCoE) is investigating the development of a project to demonstrate implementations for trusted network-layer onboarding of IoT devices. We define network-layer onboarding of an IoT device as provisioning network credentials to that device at the time of the device’s deployment on a network. The trusted aspect of network-layer onboarding indicates that the device is provided with unique network credentials after the device and the network have had the opportunity to authenticate each other and establish an encrypted channel without user knowledge of the credentials, thereby mitigating unauthorized credential disclosure. Trusted IoT device onboarding processes are needed to mitigate the risk of unauthorized devices connecting to networks. Trusted onboarding processes are also needed to mitigate the risk of devices being taken over by networks that are not authorized to onboard them.

The project’s goal is to enhance the overall security posture of IoT devices and, by extension, the security of the networks to which they connect. The project will be based on the initial concepts described in the draft NIST cybersecurity paper Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management. The objective of the project is to design, build, demonstrate, and document example trusted solutions that onboard IoT devices to networks and that support trusted re-onboarding of those devices throughout the device lifecycle to support operations such as device credential maintenance and eventual reuse of the device on other networks. In addition, the project seeks to further enhance IoT device and network security by integrating additional, optional related capabilities with the secure onboarding solutions, such as:  

  • use of attestation mechanisms to establish trust in the authenticity and integrity of the IoT device platform  

  • secure transmission of the device’s Manufacturer Usage Description (MUD) to the network to enable device intent enforcement 

  • secure application-layer onboarding (i.e., automatic, secure downloading of the device’s application from a trusted application server) 

  • secure establishment of an automated lifecycle management application/service for the device 

  • ongoing mutual attestation to ensure the trustworthiness of both the IoT device and the application/service that is managing it 

  • integration with a centralized asset management system to support cross-checking of discovered devices with onboarded devices 

 

A recorded version of the workshop will be made available here. To receive updates about this project, click here.  

Agenda 

11:00 – 11:10 EDT
NIST and NCCoE Overview
Jeff Greene, Director, NCCoE

11:10 – 11:15
Workshop Introduction
Tim Polk, NCCoE

11:15 – 11:40
Workshop Overview, Background, and Challenges
Susan Symington, NCCoE

11:40 – 11:50
NIST IoT Baseline with Respect to IoT Device Onboarding
Michael Fagan, NCCoE

11:50 – 12:00
Moderated Q&A
Russ Housley, Virgil Security

12:00 – 12:05
Break

12:05 – 12:20
Standards, Technical, and Operational Considerations for IoT Device Onboarding and Lifecycle Management
Eliot Lear, Cisco

12:20 – 12:35
An Approach to IoT Device Onboarding and Lifecycle Management
Darshak Thakore/Craig Pratt, CableLabs

12:35 – 12:50
Enhancing IoT Device Security Through Trusted Network-Layer Onboarding
Steve Clark, WISeKey

12:50 – 13:00
Moderated Q&A
Scott Rose, NCCoE

13:00 – 13:05
Break

13:05 – 13:20
Application Onboarding with Intel SDO and FIDO IoT
Geoffrey Cooper, Intel

13:20 – 13:35
IoT Device Onboarding with DPP
Dan Harkins, HPE

13:35 – 13:50
Trusted IoT Device Onboarding and Lifecycle Management
Alon Shamir, Arm

13:50 – 14:00
Moderated Q&A
Tim Polk, NCCoE

14:00 – 14:15
Next Steps/Wrap-Up
Curt Barker, NCCoE

  

Questions?  

Please send an email to mitigating-iot-ddos-nccoe@nist.gov