There are almost twice as many IoT devices as there are people in the world, and these vast IoT networks are critical for enterprise data collection. Unfortunately, these networks also represent prime targets for cyberattackers, providing a vector for attacks such as:
- Stealing or manipulating data: Attackers can insert themselves in a man-in-the-middle attack to intercept communications between devices and servers. This allows them to take all data produced and alter what’s exchanged.
- Harnessing computing power: Botnets used in other attacks, such as DDoS, spam email networks, and crypto mining need huge amounts of computing power. Dispersed and insecure IoT networks are a prime target to be compromised and forced to perform unwanted actions.
- Providing a backdoor into secure networks: Enterprise networks with firewalls and intrusion detection systems can be extremely difficult to break into. By hijacking the trusted authentication of IoT devices, attackers can send malicious packages or access networks.
For these reasons and more, IoT networks need to be protected by the highest level of security, such as public key infrastructure (PKI). PKI uses asymmetric key exchanges and cryptography to authenticate and secure communications between IoT devices and home servers. However, even PKI faces considerable challenges in terms of certificate and key management. We’ve previously looked at certificate management, so in this blog we’ll focus on the challenges and solutions to secure key management.
The challenges to secure key management
Like their counterpart in the physical world, digital cryptographic keys are only useful if they’re secure and limited in number. For cyberattackers, these private keys are a primary target, as other application defenses make attacks too time-consuming to be valuable.
Hackers can steal private keys in a variety of ways, including by hacking a root certificate authority (CA), hacking an IoT device and locating where its keys are kept, or stealing them while they’re in use. There is even an entire field of hacking dedicated to side-channel attacks, which use environmental data (sound, heat, and power usage) to identify what a cryptographic key might be.
Stolen private keys allow attackers to spoof the identity of the original key holder, giving them the power for digital signing (i.e., authenticating data that is sent) and granting them network access. The former allows them to send malicious data to servers and other devices, while network access can lead to significant damage. For example, the Axie Infinity hack in March 2022, one of the biggest of all time, saw $625 million being stolen from users. The attack was executed using stolen private keys, which allowed the hackers to compromise the network nodes that validated transfers on the game’s blockchain.
CA key management best practices
There are a number of features a CA can implement to ensure the private keys tied to its PKI network remain as secure as possible. Here are the most important:
Maintaining a CA key management lifecycle: Private keys go through many different stages, all of which need to be securely managed to prevent them from falling into the wrong hands. The full CA key management lifecycle is:
- Key generation: A private key is created and assigned to a unique identity.
- Key establishment: This key pairing is integrated with the PKI system.
- Key storage: The security of the key on the device.
- Key usage: The key is used for cryptographic operations, encrypting and decrypting data, digital signing, and device authentication.
- Key archival: Secure storage in case there is a need to recover encrypted data.
- Key destruction: The key is securely deleted without any trace of what it was.
Secure storage: Private keys should be held and perform cryptographic functions within hardware security modules (HSMs). Unfortunately, this isn’t always feasible for IoT devices, in which case software-defined storage (SDS) defenses must be deployed.
Access control: Access to private keys should be as limited as possible. This includes its use for actions on a device. Role-based access control (RBAC) can be used inside enterprises to limit how many people have access to private keys.
Certificate and key revocation: A core aspect of CA key management is the monitoring of the PKI network’s integrity. This is done by constantly assessing the trustworthiness and safety of all issued certificates and private keys. If a CA knows that the certificate or key has been compromised, it will then be added to its revocation list. This way, all networks know not to trust the device or user.
Conclusion
Although IoT networks provide great value to businesses, they also present a very large attack surface for cyberattackers. Secure PKI systems can keep these dispersed networks safe, but they rely on good key management practices to maintain trust and quickly identify compromised keys.
At Intertrust, we have already provisioned more than two billion secure identities for IoT devices, and CA key management is a core element of maintaining network security for our partners. With certificate provisioning that can easily scale to meet all needs, our iPKI is an affordable and flexible solution for IoT networks. To learn more, request a consultation today.