By David Curry | August 5, 2020

IoT devices using the digital ID can be more clearly identifiable and secure when connecting to other devices and networks.

Swiss cybersecurity company WISeKey recently announced a new type of authentication for IoT devices, in the form of a birth certificate, which would hold the device’s unique identity.

The digital ID contains basic information on the device, like its date and time of manufacture, company, and type of product. Through this, IoT devices can be more clearly identifiable and secure when connecting to other devices and networks.

WISeKey’s digital ID solution uses the public-private key cryptographic solution, with the private key protected through the company’s own VaultIC hardware.

WISeKey CEO, Carlos Moreira, demonstrated the certificate’s capability as a verification tool for object-to-object communication: “A car’s certificate is unique, and cannot be duplicated nor counterfeited.  At the same time, the connection between the car and the [electric charging] plug requires the same level of authentication, to keep connections safe, otherwise, an unauthorized plug can transfer malware to the car and allow hackers to later manipulate it. The certificate provides the security needed to protect devices and users.”

Proper IoT device security is still not a common thing, in both consumer and enterprise devices. Even though some manufacturers are beginning to add basic improvements to passwords and on-board cryptography, many are still vulnerable to simple hacking attempts.

“IoT devices are pure gold for an attacker because these devices are usually never off. It’s not like your laptop that you turn off, so these devices are almost always on, so DDOS attacks or crypto-jacking attacks on them are effective,” said chief security officer at IntSights, Etay Moar.

WISeKey’s solution is one of several being introduced to the market, in the hopes of comprehensively improving IoT security. Carnegie Mellon University’s CyLab has also proposed nutritional labels for IoT devices, as a way for vendors to inform customers of their security credentials.