Securing IoT with Public Key Infrastructure (PKI)

June 24, 2020

Traditional PKI (Public Key Infrastructure) systems, with their reliability and effectiveness, have been successful in securing the IT ecosystem till date. It also makes them an inevitable candidate for securing the IoT ecosystem as well. Many existing IoT ecosystems are using PKI for achieving the CIA as it enables an organization to establish and maintain a trustworthy digital ecosystem (people, systems, and things) by managing keys and certificates.

The CIA Triad to Security Design

Any effective IoT security solution should meet the requirements put forth by the information security policy, i.e. the CIA triad:

Confidentiality: Prevent information access to unauthorized parties

Integrity: Preserve consistency, accuracy and trustworthiness of the data

Availability: Access to the intended item is ensured at all times

It serves two purposes. First, it can be utilized as a model for building security measures, and second, it warrants that important areas of security are covered.

The CIA security triangle is an important security concept because all security controls, mechanisms, and safeguards are implemented to provide one or more of protection types. All risks, threats, and vulnerabilities are measured for their potential capability to compromise one or all of the CIA triad principles.

Working Towards Hardened Security

Having said that, since PKI has become an integral part of IoT security, we need to be very cautious for situations in IoT where the lifetime of devices maybe for a longer duration, they may be running legacy apps with minimal or no upgrades. Apart from the hardened security and guiding principles, the IoT PKI needs to have some additional qualities while designing IoT security to fully serve the purpose in the IoT landscape:


  • Since PKI involves certificates, how easy it is to execute the change of ownership?
  • How much work does it require to change the PKI root of trust or certificates?


  • The requirements of IoT devices may vary drastically. There may be devices in the same network, which need lifetime certificates, whereas some may require short-lived certificates which ultimately leads to another question, does my PKI allow such customizations easily?


  • How much do we have to shell out for these certificates?


  • Having deployed the PKI, how much effort do we need to put in for skilling my users?
  • Are the certificates managed automatically or need human intervention?

A good IoT security solution will tend to improve the experience, by giving the appropriate tuning knobs in the hands of the user, at the same time automating the mundane operations. Protecting critical information along network connections is crucial and challenging. PKI did emerge as a viable option when applications were processed on centralized servers. But, as the industry is moving towards distributed processing, the need for a new approach has become evident. The goal is to create an ecosystem where the concept of easy generation and rotation of certificates is encouraged and trust is decentralized through the use of technologies that make it possible for geographically disparate entities to reach consensus on the state of a shared database.

Designed keeping these factors in mind, Hughes Systique’s zero-touch onboarding solution is an easy and effective solution that enables a secure network and a happier user. 


No Comments

Add Comment


We use cookies (including third party cookies) to ensure you get the best experience while visiting our website. Click "Accept All Cookies" to accept the cookie usage. Click "Cookie Settings" to adjust cookie settings.

Mandatory Cookies

These cookies cannot be disabled

These cookies are necessary for the website to function and cannot be switched off.

  • __RequestVerificationToken
  • authentication
  • dnn_IsMobile
  • language
  • LastPageId
  • NADevGDPRCookieConsent_portal_0
  • userBrowsingCookie

Analytics Cookies

These cookies allow us to monitor traffic to our website so we can improve the performance and content of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited or how you navigated around our website.

  • _ga
  • _gat
  • _gid

Functional Cookies

These cookies enable the website to provide enhanced functionality and content. They may be set by the website or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

  • __atuvc
  • euconsent

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.


Not used.