The public comment period for volumes B through E of this practice guide is now open through June 20, 2023.
Trusted IoT Device Network-Layer Onboarding and Lifecycle Management
As with any other device, an IoT device needs appropriate credentials in order to connect to a network securely. The process of provisioning these credentials to the device is called network-layer onboarding.
Approaches to trusted network-layer onboarding of IoT devices and lifecycle management of the devices
Provisioning network credentials to IoT devices in an untrusted manner leaves networks vulnerable to having unauthorized IoT devices connect to them. It also leaves IoT devices vulnerable to being taken over by unauthorized networks. Instead, trusted, scalable, and automatic mechanisms are needed to safely manage IoT devices throughout their lifecycles, beginning with secure ways to provision devices with their network credentials—a process known as trusted network-layer onboarding. Trusted network-layer onboarding, in combination with additional device security capabilities such as device attestation, application-layer onboarding, secure lifecycle management, and device intent enforcement could improve the security of networks and IoT devices.
This draft practice guide aims to demonstrate how organizations can protect both their IoT devices and their networks. The NCCoE is collaborating with product and service providers to produce example implementations of trusted network-layer onboarding and capabilities that improve device and network security throughout the IoT-device lifecycle to achieve this.
The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them.
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
- Aruba, a Hewlett Packard Enterprise company
- Kudelski IOT
- NXP Semiconductors
- Open Connectivity Foundation (OCF)
- Sandelman Software Works
- Silicon Labs
Cybersecurity Paper: Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management
This document provides background information on trusted IoT device network-layer onboarding and lifecycle management and defines a taxonomy of onboarding characteristics that can be used to discuss potential onboarding solutions in product-agnostic terms. This document in conjunction with the Virtual Workshop on Trusted IoT Device Network-Layer Onboarding and Lifecycle Management informed the development of the project description.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.