Theoretical use of ACME (or derived protocol) In Mutual Authentication in "Internet of Things" systems

I have recently been looking at IoT and systems like it; these systems, in the majority, seem to be lacking in authentication or encryption and/or rely on “cloud” systems that cease working when servers or internet connections have problems.

I have been thinking of the concept of using “micro” CAs in “hub” devices that client devices can register with and be automatically issued client certificates, for the purposes of mutual authentication, using the ACME, or similar, protocol.

This could work automatically locally in combination with discovery protocols, or more generally over WAN or the internet.

While I know something about information security I’m not that familiar with the intricacies of PKI; I’m interested in opinions on the feasibility, and potential issues, of this concept.
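As an added illustration of the "hub as micro CA" idea (example code written for this thread, not from the original poster or any project), the following Go program uses only the standard library to build a hub root, issue a short-lived client-auth-only certificate against a device CSR, and then perform the check every device on the hub's network would do on a presented certificate. The names `hub.local`, `sensor-1.local`, the 24-hour lifetime and the `HubCA` type are assumptions chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// HubCA is a hypothetical "micro" CA running on a local hub device.
type HubCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
	pool *x509.CertPool // the hub's own root is the only trust anchor
}

// NewHubCA generates the hub's key and self-signed root certificate.
func NewHubCA(name string) (*HubCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &HubCA{cert: cert, key: key, pool: pool}, nil
}

// IssueClientCert signs a device CSR as clientAuth-only with a 24h lifetime (assumed policy).
func (h *HubCA) IssueClientCert(csrDER []byte, serial int64) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // proof of possession of the CSR key
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: csr.Subject, DNSNames: csr.DNSNames,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, h.cert, csr.PublicKey, h.key)
}

// VerifyPeer: a presented cert must chain to the hub root and be permitted for `usage`.
func (h *HubCA) VerifyPeer(certDER []byte, usage x509.ExtKeyUsage) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	_, err = cert.Verify(x509.VerifyOptions{Roots: h.pool, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

// Scenario runs registration, issuance and the three verification checks end to end.
func Scenario() (clientOK, serverOK, strangerOK bool, err error) {
	hub, err := NewHubCA("hub.local")
	if err != nil {
		return
	}
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // never leaves the device
	if err != nil {
		return
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: "sensor-1.local"}, DNSNames: []string{"sensor-1.local"}}, devKey)
	if err != nil {
		return
	}
	leaf, err := hub.IssueClientCert(csr, 2)
	if err != nil {
		return
	}
	clientOK = hub.VerifyPeer(leaf, x509.ExtKeyUsageClientAuth) == nil
	serverOK = hub.VerifyPeer(leaf, x509.ExtKeyUsageServerAuth) == nil
	// An unregistered device claiming the same name with a self-signed cert (built the same way as a root).
	other, err := NewHubCA("sensor-1.local")
	if err != nil {
		return
	}
	strangerOK = hub.VerifyPeer(other.cert.Raw, x509.ExtKeyUsageClientAuth) == nil
	return
}
```

`Scenario` is expected to report the registered device accepted for client authentication, rejected when checked as a server (it only carries the clientAuth EKU), and the self-signed certificate rejected outright because it does not chain to the hub root. That last check is the whole point of the hub being the trust anchor: a name alone proves nothing unless the hub signed it.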


@fireblade, that Internet of Things security problem is a very tough one!

The design of ACME is focused around the PKI problem of proving associations between cryptographic keys and names; every cert that Let’s Encrypt issues using ACME contains a list of subject names and also a subject public key, and the point of the certificate is to say that the certificate authority has confirmed that it’s OK to use a particular subject public key when talking to someone who uses one of those subject names. For example, Let’s Encrypt issued one certificate, using ACME, that says that it’s OK to use the RSA public key (10001, bc6a865c19c03c9316b06c48a2a9bc56f4e1a6707c2120e4c8cb61548c57ed262f922518291440ba636779f9880351a8e66bfeb165eb97798ecadde356475c0b8ed8970bc3446843589d5e3b3e36db6182ecebab0cdccba22e1000a8fbf10d98eae309ea31ba3d9cd6cd333025d3e2b16ae0f93d69d02aba06461bba6792b9dde2c14834fbb6b04b769de58fc8dd56d60234a498bc83c4c6fdcef377b294fb61c9a68c52e6cdadb3005299a7ad4da06cbfbad0c0fc8de0e3b476e4ec805e4ac602ac136eeae5dfbe88a9d12eb38226308d1dc529c9051ce9d1affa8b6ba8e0406b1bf14011e87e07e527229f36e00725a6640d127db402ed9120aa26d1ba282d) when talking to someone using the name

ACME itself consists mostly of mechanisms that certificate authorities can issue to requesters in order to try to satisfy themselves that ① the requesters actually want to associate particular cryptographic keys with particular names, and ② the requesters actually control those names. This is what we call domain validation.

So, that’s what our technology can do. To apply it in another context, you need to figure out whether there are names that could be associated with cryptographic keys, how entities can figure out what those names mean, and how they can figure out who is entitled to use them.
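To make the two things the reply above says ACME checks concrete (① the requester wants this key associated with this name, ② the requester controls the name), here is an added Go example, not code from the reply's author or from any ACME implementation, of the http-01 key authorization from RFC 8555 section 8.1: the requester publishes `token "." thumbprint(accountKey)` under the name, and the CA recomputes that value from the token and the requesting account's key before comparing. The in-memory `WebRoot` map stands in for the HTTP server at the name; P-256 account keys and the 16-byte token are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Thumbprint computes the RFC 7638 JWK thumbprint of a P-256 account key:
// SHA-256 over the minimal JWK with members in lexicographic order, no whitespace.
func Thumbprint(pub *ecdsa.PublicKey) (string, error) {
	if pub.Curve != elliptic.P256() {
		return "", errors.New("example supports P-256 only")
	}
	x := pub.X.FillBytes(make([]byte, 32)) // fixed-width coordinates
	y := pub.Y.FillBytes(make([]byte, 32))
	jwk := fmt.Sprintf(`{"crv":"P-256","kty":"EC","x":"%s","y":"%s"}`, b64url(x), b64url(y))
	sum := sha256.Sum256([]byte(jwk))
	return b64url(sum[:]), nil
}

// KeyAuthorization is token "." thumbprint (RFC 8555 section 8.1): it binds
// the challenge token to the account key that asked for the name.
func KeyAuthorization(token string, accountPub *ecdsa.PublicKey) (string, error) {
	tp, err := Thumbprint(accountPub)
	if err != nil {
		return "", err
	}
	return token + "." + tp, nil
}

// NewToken produces a challenge token with 128 bits of entropy.
func NewToken() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return b64url(b), nil
}

// WebRoot stands in for the HTTP server on the device that owns the name: path -> body.
type WebRoot map[string]string

// Provision is the requester side: publish the key authorization at the well-known path.
func (w WebRoot) Provision(token string, accountPub *ecdsa.PublicKey) error {
	ka, err := KeyAuthorization(token, accountPub)
	if err != nil {
		return err
	}
	w["/.well-known/acme-challenge/"+token] = ka
	return nil
}

// Validate is the CA side: fetch the challenge and compare it with the value
// the CA computed itself from the token and the requesting account's key.
func Validate(w WebRoot, token string, accountPub *ecdsa.PublicKey) error {
	expected, err := KeyAuthorization(token, accountPub)
	if err != nil {
		return err
	}
	got, ok := w["/.well-known/acme-challenge/"+token]
	if !ok {
		return errors.New("challenge resource not served")
	}
	if subtle.ConstantTimeCompare([]byte(got), []byte(expected)) != 1 {
		return errors.New("key authorization does not match requesting account")
	}
	return nil
}

// Scenario: the account that provisioned the name validates; a second account
// asking for the same name does not, because the served value is bound to the first key.
func Scenario() (ownerOK, otherAccountOK bool, err error) {
	owner, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	token, err := NewToken()
	if err != nil {
		return
	}
	site := WebRoot{}
	if err = site.Provision(token, &owner.PublicKey); err != nil {
		return
	}
	ownerOK = Validate(site, token, &owner.PublicKey) == nil
	otherAccountOK = Validate(site, token, &other.PublicKey) == nil
	return
}
```

The second account failing is what ties ① and ②: merely answering at the name is not enough, the answer has to commit to the specific account key that requested the certificate. A hub-local CA that wanted to reuse this mechanism would need some equivalent of the name (a discovery identifier, for instance) that the hub can actually resolve and fetch from.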


In general, PKI doesn't set out to prove if someone/something is allowed to do anything.
It merely tries to secure the conversation between people/things.
So I'm not too clear on how you will validate the authenticity of a random IoT asking for a cert.

That said, I do suppose DNS can be used as the grand master of all things.
[if you can maintain control over the public DNS zone (or all the private DNS servers being used)]
From there you can say XYZ.EXAMPLE.COM = IP and any device that answers to HTTP://{that name} can be issued a cert for that name.
[DV certs are issued with both server and client authentication capabilities]
From there all devices with such certs can be fairly sure about whom they are communicating with.

I hope that helps you (at least a little bit) with:


I slightly disagree with this in historical perspective. PKI sets out to provide a way to identify entities that are the subject of certificates. That can be used to grant permission to particular subjects to perform particular actions. For example, that's what we see with client certificates that can be used to log into accounts.

You could certainly use a PKI system to authorize a particular subject to open an electronic door lock, or something.

The web PKI is overwhelmingly used for authenticating TLS key exchanges, in order to provide authenticity and confidentiality for online communications, but that doesn't have to be the only purpose of a PKI, and is much narrower than the ambition of PKI designers (which you can see with the large number of fields that exist in X.509 for describing attributes of subject identity).

The problem is that, to use PKI identities for authentication in another context, someone needs to be able to make decisions about subjects' authority to do things. There's no way that a public certificate authority could make those decisions, any more than a bank could reasonably decide on its own who should be the heirs in someone's will, or what the amounts and recipients of a corporation's payroll payments should be.


Given: There are many uses for PKI.
But in this context...


Isn't this a 5-year-old necropost?


Yeah, there was a spam post that bumped it, and while the spam got deleted the conversation ended up continuing.

