Zero-touch device identity management for IoT deployments that offers:
Inherent/increased security
Extended certificate lifecycle management
Zero-touch provisioning
Featuring
- Hardware root of trust = end-to-end, chip-to-cloud security
- IoT SAFE eSIM enabled IoT devices = zero touch provisioning/ re-provisioning of credentials
- Next generation DNSSEC-based IoT device identity attestation
IOT Registry
The Internet of Things (IoT) has opened a world of possibilities for connectivity and efficiency — but it also introduces a massive security risk. CIRA Labs has leveraged its decades of experience running the .CA Registry to address this risk, by building an innovative new registry for IoT devices.
In partnership with TELUS and Thales, CIRA Labs has developed an IoT Registry that offers secure device provisioning and management for IoT device manufacturers, mobile network operators and cloud providers.
End-to-end, chip to cloud security
CIRA’s IoT Registry ensures a hardware root of trust by using TLS-secured communication. It works by validating the identity of the device or server by providing a digital certificate signed by a recognized Certificate Authority (CA). The receiving server or program can then check the authenticity of the certificate.
IoT SAFE eSIM enabled IoT devices
Standards for device identity management are the key to keeping IoT devices secure.
CIRA’s IoT Registry uses the IoT SAFE standard, which was developed by the mobile industry to allow IoT device manufacturers and IoT service providers to leverage the IoT device’s SIM as a robust, scalable, and standardised hardware Root of Trust to protect IoT data communications.
DNSSEC as a chain of trust
CIRA’s IoT Registry uses DNSSEC to take secure communication to the next level. It approaches zero trust security for IoT provisioning by using DNSSEC to allow a client to verify the authenticity of the IoT device. The IoT Registry has a real time publicly available, trusted and verifiable Certificate/Certificate Authority.
The IoT Registry publishes DANE TLSA records signed with a DNSSEC record with a unique identifier for IoT Device Identity, linked to the IoT SAFE root of trust certificate.
More benefits of CIRA IoT Registry
Connectivity & protocol agnostic
Secure, seamless on-boarding with enterprise connectivity
Allows the SIM to be used for application-layer security, as well as mobile network authentication
IoT security at scale — for hassle free growth
What else does the IoT Registry offer?
- Always on; remote registration, activation & transfer = easy setup and lifecycle management & confirms that it belongs to vendor
- Remote turn-off, wipe-clean IoT device config for granular control of credential provisioning
- IoT security at scale — for hassle free growth
Who can use the IoT Registry?
This registry is being developed for use by the entire IoT community, from mobile network operators to device makers. It is geared towards:
- Cloud providers
- Mobile network operators — to increase adoption
- Device and modem makers — simplify supply chain
- SIM providers
- Network infrastructure providers — simplified and trusted identity management
- Secure IC vendors
Partner Projects
L-Spark MedTech Accelerator
CIRA, together with other mentors TELUS, BlackBerry, and Solace provided technical support to help integrate medical devices and software solutions through the L-SPARK MedTech Accelerator project. As part of Canada's leading accelerator for the Connected MedTech industry, CIRA’s IoT Registry works with innovative start-ups, including Nova Scotia IoT platform Dispension, in changing the way people access restricted products by making the transaction safe, secure, and convenient. Dispension's product makes it easy to access prescriptions and other restricted products in urban, rural, and remote locations. In their collaboration with CIRA, they accelerated the creation, integration, and commercialization of connected IoT medical devices.
Thales/Telus/CIRA POC
In partnership with TELUS and Thales, CIRA Labs has developed a Proof of Concept for an IoT Registry that offers secure device provisioning and management for IoT device manufacturers, mobile network operators and cloud providers. CIRA Labs brings its decades of experience running the .CA Registry to this project; while TELUS leverages its network for device-to-cloud communications. THALES e-SIMs embedded in IoT devices will ensure secure device-to-cloud communications.
Standards for device identification management are the key to keeping IoT devices secure. CIRA’s IoT Registry uses GSMA’s IoT SAFE standard, which was developed by the mobile industry to allow IoT device manufacturers and IoT service providers to leverage the IoT device’s SIM as a robust, scalable, and standardised hardware Root of Trust to protect IoT data communications.
L-Spark Secure IoT Accelerator
CIRA developed the first version of the IoT Registry for L-Spark’s Secure IoT Accelerator project. For this project, CIRA used a fictious smart parking meter use case to illustrate how an IoT Registry could track an IoT device’s eSIMID, public keys, cloud service provider, and mobile network operator (and their status). This information can then be used to create a public DNS record of certificate fingerprints that can authenticate individual IoT devices and their cloud service provider credentials based on the unique IoT device eSIMID — all while leveraging the internet based root of trust embedded in the DNS and DNSSEC.
Stay Informed
Visit the IoT Registry Project GitHub Repository.
Contact Us
Partners
