The World Of Certs
For those who are unaware, certificates are a traditional way for one device to assert its identity to another device. Certificates are provided by an independent party, often called a Certificate Authority (CA), and that CA takes part in an exchange of certificates for mutual authentication. Succinctly, each device sends its cert to the other and then the receiving device sends the foreign cert to a CA for authentication. In a perfect world, this type of exchange results in two, previously disconnected, devices being able to know and talk with each other securely.
Too bad the world is not perfect.
Certs have been the subject of massive exploits in the past, they underlie the largest WiFi hack of a generation and now people can even use them to install malware and other unwanted software.
The problem with certificates is exacerbated in the world of the IoT due to the sheer number of devices. Every time two devices want to talk, in a traditional context, each device makes an Internet call to a CA, gets a response and then proceeds. This results in at least 2 Internet calls per communication and, since most IoT devices operate in a fire-and-forget manner, that means that every transmission has multiple calls to CAs. At the scale of tens of millions of devices constantly communicating, the number of Internet calls is overwhelming.
Forget for a moment that there are not any CA systems that can actually handle this scale or that making this number of calls in the highly disconnected, low energy IoT environment is unrealistic. The real problem is that these devices simply cannot keep up with a traditional approach. To this end, most IoT devices use what is called a “self-signed” certificate to get around this issue.
A self-signed certificate is one signed by the local device and it essentially says “you can trust me because I said so” – secure right?!?
These certs are literally files on a system, can be readily hijacked and provide no real protection. In fact, many of the vulnerabilities found in IoT devices stem from the erroneous use of these highly-insecure files.
The main source of these issues is the number of smart devices and yet those very same devices can be used to overcome this issue. There is an emerging best practice being utilized in the IoT termed an IoT broker. These brokers act as a localized CA and can shortcut the authentication chain without resorting to the security ineptitude of self-signed certs. This is a sound concept that is starting to gain traction.
Bear actually goes one step further and does away with certificates altogether. While Bear does utilize a similar concept of a broker, the Bear model forces a device to broker authentication first and then leverages that authentication to enable direct peer-to-peer authentication between local devices moving forward. This system optimizes peer authentication in a fire-and-forget communication paradigm while overcoming the holes in certificate-based operations. To this end, the Bear model is a hybrid of the IoT broker approach and the more robust Kerberos-style authentication.
Regardless of using Bear or not, traditional certificates – like most other older security efforts – do not work in the IoT. The evidence is mounting at an alarming rate and IoT operators really need to find better alternatives.