Three Dependencies for Secure IoT Adoption - Part 2

 

The ECC cipher suites were first introduced in Transport Layer Security (TLS) version 1.0 and extended in versions 1.1 and 1.2. These TLS versions are supported by today’s modern operating systems like iOS, Android OS, Windows, Mac OS X and most Linux distributions.

Now that we see the advantages of ECC keys, how do we deliver them over the air to these things and devices? SCEP cannot be used any longer because it supports RSA-based keys only. The answer is Enrollment over Secure Transport (EST), defined in RFC 7030. EST mandates HTTPS, and the TLS negotiation between the client and server can be protected by Suite B-compliant cipher suites.
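To make the EST exchange concrete, here is an added example (not code from the original post) that builds a TLS 1.2 client context limited to the two Suite B ECDHE-ECDSA suites and the simple-enrollment POST defined by RFC 7030. The server name `est.example.com` and the CSR bytes are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import ssl
import urllib.request

# The two TLS 1.2 suites of the Suite B profile (RFC 6460), by OpenSSL name.
SUITE_B_CIPHERS = (
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
)
EST_ENROLL_PATH = "/.well-known/est/simpleenroll"  # RFC 7030 enrollment path


def suite_b_context() -> ssl.SSLContext:
    """Client context offering only ECDHE-ECDSA AES-GCM suites over TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(SUITE_B_CIPHERS))
    return ctx


def offered_tls12_ciphers(ctx: ssl.SSLContext) -> list:
    """Names of the TLS 1.2 suites the context will put in its ClientHello."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2")


def build_enroll_request(server: str, csr_der: bytes) -> urllib.request.Request:
    """EST simple enrollment: POST the base64 PKCS#10 request to the EST path."""
    return urllib.request.Request(
        f"https://{server}{EST_ENROLL_PATH}",
        data=base64.b64encode(csr_der),
        method="POST",
        headers={
            "Content-Type": "application/pkcs10",
            "Content-Transfer-Encoding": "base64",
        },
    )


def negotiated_suite_ok(cipher_name: str) -> bool:
    """Check the name reported by SSLSocket.cipher()[0] after the handshake."""
    return cipher_name in SUITE_B_CIPHERS


# Constructed placeholder bytes standing in for a DER-encoded CSR over a P-256 key.
SAMPLE_CSR_DER = bytes.fromhex("3003020100")
REQUEST = build_enroll_request("est.example.com", SAMPLE_CSR_DER)
```

Passing `REQUEST` to `urllib.request.urlopen(..., context=suite_b_context())` would perform the enrollment; a server that cannot negotiate one of the two suites fails the handshake instead of silently falling back to an RSA suite.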

In Part 3 of this blog series, I’ll discuss the migration from the IPv4 address space to IPv6. This is the third dependency for securing the Internet of Things and providing a baseline for successful adoption and implementation.

See also: Part 1 and Part 3 of this blog series.

James Saturnio

Senior Lead Technical Market Adviser at MobileIron

About the author

James Saturnio is a Senior Lead Technical Market Adviser at MobileIron. He immerses himself in all things cybersecurity and has over 25 years’ experience in this field. He has been with MobileIron for over 6 years, and previously worked at Cisco Systems for 19 years. While at Cisco, he worked as a TAC Engineer, and then as a Technical Leader for the Security Technology and Internet of Things (IoT) business units. He was the main architect for the IoT security framework that is still being used today by Cisco’s IoT customers.