Addressing challenges of security, cost and complexity tied to IoT device deployment at scale, the FIDO Alliance recently launched a new, open IoT standard that enables devices to simply and securely onboard to cloud and on-premise management platforms.
Called FIDO Device Onboard (FDO) for IoT, the new specification was collaboratively developed to solve the issue of IoT security in onboarding – just as the alliance has done with its FIDO authentication standards to help address the global data breach problem.
The FDO specification has reached Proposed Standard status and is open and free to implement. Initially, the specification is targeted at industrial and commercial applications.
“The FDO standard builds on our ongoing efforts to help close the security gaps that currently exist on the web, by expanding this work into IoT applications,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance.
He pointed out that companies see the huge potential of the IoT and the enormous benefits it can bring to manufacturing, retail, healthcare, transportation, logistics and more.
“The paradigm needs to shift immediately so we can move IoT technologies ahead with safer, stronger and more secure means of authentication for these important uses in industrial and commercial environments,” Shikiar said.
Formed in 2012, the FDO Alliance addresses the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords.
The FIDO Alliance has been introducing standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.
To date, the alliance is composed of over has 250 of the world’s most influential and innovative companies and government agencies, working on cybersecurity to eliminate data breaches and to secure online experiences.
Security a major barrier to IoT adoption
IDC expects the IoT market to maintain a double-digit annual growth rate and surpass the US$1 trillion mark in 2022.
Despite this projected growth, a recent survey has found a majority of businesses have serious concerns about breaches to their infrastructures. Of the 170 IoT leaders polled, the survey found that 85% say security concerns remain a major barrier to IoT adoption. Almost two-thirds (64%) of respondents stated that end-to-end IoT security is their top short-term priority, surpassing edge compute (55%), artificial intelligence (AI)/machine learning (50%) and 5G deployments (28%).
The new FDO standard is an automated onboarding protocol for IoT devices, leveraging asymmetric public key cryptography to provide the industrial IoT industry with a fast and secure way to onboard any device to any device management system.
“This is a major milestone that aims to solve one of today’s critical challenges with deploying IoT systems. The new FDO standard will help reduce cost, save time and improve security, all helping the IoT industry to expand rapidly,” said Christine Boles, vice president, Internet of Things Group and General Manager, Industrial Solutions Division at Intel. “Implementation of the FDO standard will enable businesses to truly take advantage of the full IoT opportunity by replacing the current manual onboarding process with an automated, highly secure industry solution.”
The business benefits from the FDO standard include:
- Simplicity – Businesses no longer have to pay more for the lengthy and highly technical installation process than they do for the devices themselves. The highly automated FDO process can be carried out by people of any level of experience quickly and efficiently.
- Flexibility – Businesses can decide which cloud platforms they want to onboard devices to at the point of installation (as opposed to manufacture). A single device SKU can be onboarded to any platform, thereby greatly simplifying the device supply chain.
- Security – FDO leverages an “untrusted installer” approach, which means the installer no longer needs – nor do they have access to – any sensitive infrastructure/access control information to add a device to a network.
Open-arm welcome
IoT industry stakeholders expressed optimism over the new FDO standard, which is expected to enable device makers to deploy, onboard and manage secure IoT devices faster at a lower cost.
“As the IoT rapidly expands, the security of devices cannot be optional, and a strong foundational root of trust is essential. It will help scale IoT across both industrial and consumer use cases,” said Mohamed Awad, vice president, IoT Business at Arm
Mohammad Zoualfaghari, research manager and IoT Architect at BT said: "FDO is a revolutionary standard, which can address a critical need for the IoT, Edge Compute and 5G industries and help them to scale up securely and fully automated, from the manufacturer to the consumer, from the device to edge, and from edge to the cloud."
Joe Pearson, technology strategist, IBM Cloud and Technical Steering Committee Chair, Open Horizon project, is looking forward to implementing FDO in their smart agriculture use cases and in the open retail reference architecture.
“The Open Horizon project wanted a simple solution to zero-touch provisioning that would have wide support from hardware manufacturers, maximum flexibility, and a staged approach. The FDO specification from the FIDO Alliance certainly meets those requirements,” said Pearson. “After implementing and shipping support in Open Horizon, we're pleased with the results and with the feedback we've received from those using it in the field.”
Jürgen Rebel, senior vice president and general manager Embedded Security at Infineon Technologies is pleased that the FDO protocol is built with security in mind.
“It enables FDO based systems to store the private key secrets and device credentials in a Trusted Platform Module. TPM is a widely accepted and used technology that creates trust in manufacturing and supply chain. It is a major contribution towards the acceleration of IoT device deployment,” Rebel said.
Sam George, VP of IoT, Microsoft Azure, echoed the same sentiment: “Device onboarding through a standardised protocol like FDO simplifies device set-up by abstracting the underlying complexities of the hardware, which will accelerate the adoption of IoT in industry. We are thrilled to see the FIDO Alliance address such a critical piece of the IoT device lifecycle.”