Date Published: September 8, 2020
Comments Due:
Email Questions to:
Author(s)
Susan Symington (MITRE), W. Polk (NIST), Murugiah Souppaya (NIST)
Announcement
This paper provides background information on trusted IoT device network-layer onboarding and lifecycle management. It defines a taxonomy of onboarding characteristics that will enable stakeholders to have a common language to describe and express their onboarding capabilities and fully capture the elements required to characterize potential onboarding solutions in protocol and product-agnostic terms. It also presents a proposed set of security considerations for network-layer onboarding.
We define network-layer onboarding of an IoT device as the provisioning of network credentials to that device at the time of the device’s deployment on a network. The trusted aspect of network-layer onboarding indicates that the device is provided with unique network credentials after the device and the network have had the opportunity to authenticate each other and establish an encrypted channel without user knowledge of the credentials, thereby mitigating unauthorized credential disclosure.
The benefits of a using a trusted network-layer onboarding mechanism are that it helps:
- prevent unauthorized devices from connecting to the network
- protect devices from being taken over by unauthorized networks
Internet of Things (IoT) devices are typically connected to a network. The steps performed to provision a device with its network credentials are referred to as network-layer onboarding (or simply, onboarding). This paper proposes a taxonomy for IoT device onboarding that can clearly express the capabilities of any particular onboarding solution. By providing a common language that describes and clarifies various onboarding characteristics, this taxonomy assists with discussion, characterization, and development of trusted onboarding solutions that can be adopted broadly. To provide context for the proposed onboarding taxonomy and to try to ensure its comprehensiveness, this paper also describes a generic trusted onboarding process, defines onboarding functional roles, discusses onboarding-related aspects of IoT lifecycle management, presents onboarding use cases, and proposes recommended security capabilities for onboarding.
Internet of Things (IoT) devices are typically connected to a network. The steps performed to provision a device with its network credentials are referred to as network-layer onboarding (or simply, onboarding). This paper proposes a taxonomy for IoT device onboarding that can clearly express the...
See full abstract
Internet of Things (IoT) devices are typically connected to a network. The steps performed to provision a device with its network credentials are referred to as
network-layer onboarding (or simply,
onboarding). This paper proposes a taxonomy for IoT device onboarding that can clearly express the capabilities of any particular onboarding solution. By providing a common language that describes and clarifies various onboarding characteristics, this taxonomy assists with discussion, characterization, and development of trusted onboarding solutions that can be adopted broadly. To provide context for the proposed onboarding taxonomy and to try to ensure its comprehensiveness, this paper also describes a generic trusted onboarding process, defines onboarding functional roles, discusses onboarding-related aspects of IoT lifecycle management, presents onboarding use cases, and proposes recommended security capabilities for onboarding.
Hide full abstract
Keywords
application-layer onboarding; authentication; bootstrapping; credentials; device lifecycle management; identity; internet of things (IoT); network-layer onboarding; onboarding
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
