A Glimpse into the Future of Your Device

CMS VerdeTTo™ for IoT Security

A challenge in securing your device today is accounting for required device operations in one, five, and ten years from now. What is put in place today needs to be ready for future requirements, and for new configuration. Unlike your car or small home appliance, bringing most IoT devices "back into the shop" for maintenance will not be an option.

​Due to many foreseeable scenarios, the need for secure updates is essential. CMS VerdeTTo™ allows for the secure update of:

    • Certificates
    • Key stores - the device's identity, certificate and keys
    • Trust stores - who the device will trust
    • Device configuration
    • Device firmware

These updates are all performed through an authenticated and encrypted channel, and are all executed from a centralized console. The need to recall the device or be in physical contact with it is eliminated. The result is an optimal balance of business continuity, security, and operational efficiency.

Common scenarios to account for include:

Security Response

Proper security response to malicious events will require you to remotely update your devices. This may be the result of a network breach that exposed unprotected keys, or vulnerabilities discovered in the software of your device. As seen in recent well-publicized botnet attacks, when a device is deployed without the ability to remotely update it, the results can be damaging or even catastrophic. Similarly, as seen with the Mirai and Wirex botnets and the more recent Reaper malware, there could be the need to repeatedly update the device as malicious malware evolves into new, more complex, variants. Without this capability, devices can remain vulnerable to attack for unlimited periods of time, or even worse, can be the ones ‘on the attack’ throughout that duration.

Change of Ownership

Devices that you own today may be sold or transferred to another party in the future. Especially in the case of more expensive devices, and those with long deployment lifespans, the device's ownership may change hands one or more times without being brought back to the manufacturing line for reprogramming. The ability to replace a device's identity remotely allows you to modify its ownership, and more importantly, reconfigure who will trust it and who it trusts for data communication.

New Operators

In addition to transferring a device's ownership to another party, there is also the possibility that a new entity will be introduced to support that device and handle its maintenance or servicing. In such cases, rather than extending your Root of Trust from one organization to the other so that both can communicate with the device, you can add an additional identity to the device, so that both parties trust it and communicate with it using their private Root of Trust, certificates, and keys.

New Certificate Configuration

Over time, advances in cryptography allow for added secure data encryption. The IoT solutions in your data center - including IoT platform, applications, and network appliances - can all be easily upgraded to support a new cipher suite or algorithms. However, the benefits will not be realized until certificates on all deployed devices can be reissued or exchanged. A key element of device management includes the ability to securely install new certificates, and to revoke and remove legacy ones.

Expired Certificates

Certificates don't live forever. When they expire, so does the ability to authenticate a device with them and to encrypt data. In order to avoid downtown and outages, a common approach is to issue certificates with expiration dates that extend way beyond any reasonable expected lifespan for the device. Such practice solves the problem of how to replace expired certificates, but introduces additional, significant, problems in the overall trust and assurance level of the system. Being able to remotely deploy a new certificate to replace an expired one, is a requirement.