18

I am reading a bit about the security of IoT devices and found quite a lot of articles describing how a PKI would be an improvement for the current infrastructure. I am, however, not convinced if setting up a PKI would improve security for most of the IoT use cases. I was wondering if I was seeing something incorrect. To give an example:

I understand how IoT devices used in Industrial Control Systems would benefit from a PKI, since they usually communicate without the interference of users and therefore cannot use traditional methods for authentication like passwords, biometrics and tokens.

For the more basic use cases like cameras, microwaves or refrigerators that are connected to the internet, I don't see the added value of a PKI. Am I overlooking something, or does PKI indeed not improve security for these devices?

Edit: some examples:

KojoUzochi
  • 343
  • 2
  • 9
  • If I understand you correctly, your question is actually focused on household IoT devices? – Tom K. Jan 22 '18 at 10:17
  • Correct, this distinction isn't made in online articles in general, but I can't think of valid usecases for household devices with a PKI. – KojoUzochi Jan 22 '18 at 10:21
  • 1
    Both articles you've mentioned lack a proper problem statement. The "trust" which appears to be a general problem for IoT (which is essentially customers, assumed to not be ready to trust potentially insecure devices) is different from the "trust chain" problem PKI solves. Looks like someone just got a hammer (PKI) and every problem is now a nail for them. – ximaera Jan 22 '18 at 11:13
  • 5
    I don't really understand why you make a difference between ICS IoT and IoT in households in terms of having a problem with authentication. While you acknowledge that ICS PKI *"cannot use traditional methods for authentication like passwords, biometrics and tokens"* you don't accept this for household IoT. But given that use of PKI is about authentication of the IoT device against the server you actually face the same problems with household IoT. – Steffen Ullrich Jan 22 '18 at 11:32
  • 2
    Am I the only one who feels that this question is too broad. OP needs to give a particular use case that he is thinking about. – Shurmajee Jan 22 '18 at 11:54
  • @Shurmajee I think the idea is PKI for authentication - why use PKI in a home when you have passwords and tokens and a trusted network? – schroeder Jan 22 '18 at 13:02
  • 1
    Imagine a world where IoT devices have no chain of trust for updating their code. Imagine a world where bad guys want to create botnets built from a sea of IoT devices. Now, imagine the same world, the one in which we live. PKI may be overkill for certain things on IoT devices, but code trust is not one of them. –  Jan 22 '18 at 16:05
  • @Helmar it's not about encryption, but about authentication via PKI – schroeder Jan 22 '18 at 21:17

1 Answers1

47

Let's look at your fridge. Why is it connected to the Internet? It could send maintenance data to the manufacturer, connect to stores to order food for you, or tell you its contents ("fridge, how many eggs do I have?").

If you classify this data as having no impact if adversely affected, then yes, a massive infrastructure like PKI would have little value (the risk is low).

But, it's not that low. Imagine a hacker accessing your fridge to raise the temperature and spoiling the entire contents? What about a hacker accessing the fridge and ordering tons of food on your account? What if the type of food you store indicates certain sensitive information about you (only kosher foods or only halal meats, suddenly no more alcohol (pregnant?), or a 1-off big order of cranberry juice that gets steadily consumed (urinary tract infection?)). What about stats on how often the door is opened (are the owners away?) Assessing the information this way indicates quite a different risk level.

PKI (properly implemented) can protect the control data (who can order, who can access, who can change settings) and can protect the information at rest and the information in transit.

Imagine a WhatsApp or Signal-like encryption process where only the manufacturer's certificates or your phone app can access the control functions, or even certain data. That's where PKI can be useful.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • Thanks for your answer, that does clarify it up a but. But considering your refrigerator example: does the refrigerator need a public key provided through a PKI? Isn't it sufficient for the server, that the refrigerator is connecting to, to have a (CA) certificate? – KojoUzochi Jan 22 '18 at 12:28
  • 10
    @KojoUzochi unless the certificate needs to change, it has been compromised and needs to be revoked, etc. PKI also allows the fridge to verify to whom it is connecting. PKI also opens up 3rd party processing. – schroeder Jan 22 '18 at 12:54