KuppingerCole Report
Advisory Note
By John Tolbert

Identity in IoT

The Internet of Things (IoT) is a computing concept that describes a future where everyday physical objects are connected to the Internet and communicate with other devices and human users. Adding notions of digital identity has been problematic to date, but identity management solutions are on the horizon that will improve usability and security for IoT.

1 Executive Summary

Internet of Things (IoT) devices are proliferating as more consumers, companies, countries, and organizations embrace Digital Transformation. IoT is a ...

Manufacturing, as an example, has been operating shop floor equipment for decades with sensors that control processes, but these sensors have not been ...

2 Highlights

  • IoT is rapidly expanding into all corners of industrial, agricultural, and consumer life
  • IoT devices are communicating with a myriad of back-end a ...

3 Communication within IoT

The lack of technical capabilities in many IoT devices hampers the efforts of cybersecurity professionals to build in identity management and cybersec ...

3.1 IoT communication considerations

Many different types of transmitters and communication options exist for IoT devices. Though IoT as a concept is relatively young, we see device manu ...

3.2 IoT communication protocols

IoT devices can utilize several different protocols:

  • TCP/IP – Transmission Control Protocol over Internet Protocol is the primary protocol of th ...

4 Technical capabilities and limitations

In addition to communication prerequisites, IoT devices must possess sufficient processing power, memory, and storage to protect themselves on network ...

4.1 Processing and storage

Most first generation IoT devices were built expressly for their intended purpose, with little or no additional capacity for performing security and i ...

As in desktop and server computing, stronger and faster CPUs can enable more robust identity schemes.

IoT Device Model Technical Notes ...

4.2 Authentication options

Some basic IoT devices have no identity functions whatsoever. Others can pass a pre-determined username and password which is not (easily) configurab ...

4.3 Physical Unclonable Functions (PUFs)

PUFs can be derived from unique characteristics of the underlying silicon or integrated circuits produced during the manufacturing process. Some phys ...

4.4 Public Key Cryptography for IoT

X.509 certificates have been used as identity credentials for decades. They are common today in USB keys, Smart Cards, and for client-server identifi ...

For optimum use in IoT, device manufacturers should issue keys and certificates for each device at the time of manufacture. Issuers should use FIPS 1 ...

4.5 Secure Element and Trusted Execution Environment

Global Platform is an international standards organization that defines specifications for the Trusted Execution Environment (TEE), or the secure virt ...

4.6 Additional security tools

Desktop computing has seen the advent of numerous security tools over the past couple of decades. Firewalls, anti-malware, VPNs, vulnerability analyt ...

5 Identity and Access Management solutions for IoT

Forward thinking Consumer Identity and Access Management (CIAM) vendors are providing facilities to associate user identities with consumer device ide ...

5.1 OAuth 2.0 Device Flow

The majority of CIAM solutions for IoT Identity utilize the IETF’s OAuth 2.0 Device Flow for Browserless and Input Constrained Devices profile. Thi ...

Depending on the CIAM platform, additional technical capabilities of the registered devices, and agreements with IoT device manufacturers, consumers c ...

5.2 API Gateways

Given that many current generation IoT products on the market today lack the onboard technical capabilities for adequate device identity representatio ...

6 Challenges with integrating identity and IoT

The Internet of Things must have digital identity built-in to improve user experiences, privacy, and security. This begins with device identity, foll ...

7 Recommendations

Users of all types need to use, monitor, and manage IoT devices. IAM vendors, especially CIAM companies, are working to incorporate IoT device identi ...

Copyright

©2020 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.