Alliance introduces open standard for Internet of Things security

April 23, 2021

A new open standard promises to make the integration of Internet of Things (IoT) devices into cloud and on-premise platforms simpler and safer. The FIDO Device Onboard (FDO) protocol is an initiative by the FIDO Alliance, an open association whose objective is to reduce the worldwide dependence on passwords through the development and use of authentication and attestation standards for devices. With the FDO standard, the organization intends to facilitate the deployment of IoT devices at scale.

Numbers related to the IoT universe are generally huge, both in terms of business opportunity and volume of devices. However, the complexities of integrating IoT devices into industrial, business, or consumer environments have generally not been discussed, let alone the configuration of credentials required to operate safely.

The FDO specification seeks to address precisely these issues, initially for industrial and commercial applications. It uses asymmetric public-key cryptography to allow IoT devices to be included in any device management system in a simple way.

Today, this integration process is usually carried out manually by a technician – a slow, expensive and unsafe procedure. According to the FIDO Alliance, some companies even claim that it is not uncommon for installation and configuration costs to exceed the cost of the device itself. Other companies have tried to automate the integration, but with no widely accepted standard. Some proprietary solutions, meanwhile, require the end user to be known at the time of manufacture so that the device can be pre-configured, which is impractical.

The FDO standard's security approach is based on the “untrusted installer” concept, which means that the installer does not need access to critical access control infrastructure or information to integrate IoT devices into a network. In addition, the device integration process is highly automated and can be performed by people with any level of experience.

The alliance highlights the following potential FDO benefits:

  1. Fully automatic integration
  2. Fast and safer (a process of about one minute)
  3. Hardware flexibility – from ARM microcontrollers to Intel Xeon processors
  4. It can operate with any cloud or on-premise installation
  5. Late device-to-cloud binding that greatly reduces the number of SKUs compared to other zero-touch offerings
  6. Open specification
  7. Industry standard backed by the FIDO Alliance
  8. A specification developed by leading cloud service providers, semiconductor and security solution companies

The technical working group responsible for developing the FDO standard is led by Intel and Qualcomm, with support from Arm, Amazon Web Services (AWS), Google, and Microsoft.

The FIDO Alliance will hold a webinar on May 7 to introduce the FDO specification, potential use cases, and upcoming certification processes. To register, visit https://fidoalliance.org/event/securing-iot-with-fido-authentication/2021-05-07.