LEARNING OBJECTIVE
As IoT continues to grow, businesses often feel pressure to integrate connectivity into new or existing product lines quickly. As a result, security can become a last-minute consideration, leaving billions of devices vulnerable to attacks and intrusions that can compromise personal privacy, public safety, and company reputations.
This hands-on lab will explain how to leverage enterprise public key infrastructure (PKI) technology during the manufacturing and provisioning process to establish trust and ensure secure communication between connected devices in the field and a cloud platform. Attendees will walk away with an understanding of what a certificate authority (CA) is and how to function as one, how to generate a certificate signing request (CSR) and what function it serves, the differences between symmetric and asymmetric cryptography, and how to engage with a PKI provider to develop a production-grade security strategy.
HOW THIS FITS INTO IOT
This workshop addresses technology within the transport layer security (TLS) component of the IoT stack, as devices in the field use Internet-based protocols, like HTTP or MQTT, to communicate with a cloud platform. This portion of the stack plays an enormous role in securely provisioning devices to IoT platforms.
WHAT ATTENDEES DO
Attendees will use open-source tools to complete a public key infrastructure (PKI) integration. First, attendees will act as a certificate authority (CA) to create root and intermediate CA certificates. Next, they will create a public certificate and private key for a specific device and generate a certificate signing request (CSR) from that key pair for the CA to sign. Attendees will also learn how to sign the CSR as the CA. Finally, they will install the signed certificate on the device and connect to a cloud platform.
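
The procedure described above, sketched with OpenSSL and Bash as an added example (it is not the workshop's own lab script): it builds the root and intermediate CAs, creates a device key and CSR, signs the CSR, and checks that the device certificate chains back to the root. The subjects (`Example Root CA`, `device-0001`), file names, P-256 keys, lifetimes and the use of the device certificate for TLS client authentication are assumptions.

```bash
#!/usr/bin/env bash
# Added example: throwaway root CA -> intermediate CA -> device chain (constructed names).
set -e

build_pki() (      # subshell body, so cd and umask stay local to the function
  umask 077        # private keys are created readable by the owner only
  mkdir -p "$1"; cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = replaced-by-subj
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_intermediate]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[v3_device]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
  for k in root intermediate device; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$k.key"
  done
  # 1. Root CA: self-signed certificate
  openssl req -x509 -new -config pki.cnf -extensions v3_root -key root.key \
    -sha256 -days 3650 -subj "/O=Example Lab/CN=Example Root CA" -out root.crt
  # 2. Intermediate CA: CSR signed by the root; pathlen:0 = may issue leaves only
  openssl req -new -config pki.cnf -key intermediate.key \
    -subj "/O=Example Lab/CN=Example Intermediate CA" -out intermediate.csr
  openssl x509 -req -in intermediate.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -sha256 -days 1825 -extfile pki.cnf -extensions v3_intermediate -out intermediate.crt
  # 3. Device: the private key stays with the device; only the CSR goes to the CA
  openssl req -new -config pki.cnf -key device.key \
    -subj "/O=Example Lab/CN=device-0001" -out device.csr
  # 4. Intermediate CA signs the CSR as a non-CA TLS client certificate
  openssl x509 -req -in device.csr -CA intermediate.crt -CAkey intermediate.key \
    -CAcreateserial -sha256 -days 365 -extfile pki.cnf -extensions v3_device -out device.crt
)

# Succeeds only if device.crt chains to the root through the intermediate.
verify_chain() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/intermediate.crt" \
    "$1/device.crt" >/dev/null 2>&1
}

PKI_DIR=$(mktemp -d)
build_pki "$PKI_DIR"
verify_chain "$PKI_DIR" && echo "device-0001 chains to Example Root CA"
```

All three keys share one directory here only to keep the walkthrough short; in production the root key is kept offline and the device key is generated on the device or in a secure element.
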
WHAT ATTENDEES BRING
A laptop with the following software installed:
- Windows: Cygwin (with OpenSSL and Curl)
- OS X: OpenSSL, Bash, and Curl
- Linux: OpenSSL, Bash, and Curl
KNOWLEDGE REQUIRED
A general understanding of a typical provisioning process between devices and a cloud platform is helpful, but not required.
PRE-CLASS SETUP
Attendees should ensure the software identified in the “What Attendees Bring” section has been installed on their laptop prior to the lab. It would be helpful, but not required, to make a free Exosite account.
WHAT ATTENDEES RECEIVE
LINKS & READING MATERIAL
- Install Cygwin
- Alice and Bob