Secure device onboarding for manufacturing supply chain

Until now, there has been no broadly supported industry standard for automated secure device onboarding. The FIDO Alliance looks to change that.

By Chris Vavra August 25, 2021

The manufacturing sector is becoming more interconnected as the Internet of Things (IoT) allows data to be transferred from many devices. IoT device security is critical, and configuring credentials, a process called onboarding, is a slow and tedious process. Until now, there has been no broadly supported industry standard for automated secure device onboarding.

Richard Kerslake, general manager for Intel Corporation, said that is changing in his presentation “FIDO Device Onboard – a new industry standard that addresses the insecurity and cost of installing IoT devices” at the Fortinet OT Symposium, which was presented digitally on Aug. 24.

Kerslake said the onboarding challenge, until recently, was a manual process that required skilled staff members who knew how to manage the various IoT devices. With different types of hardware, operating systems (OS) and even headless displays, it was a real chore putting everything together. On top of all that, everything needed to be cybersecure. Even a proprietary zero touch solution, which is linked to one cloud platform, was limiting because it required precise knowledge of the target platform.

“There’s a long-term risk profile if not done properly,” Kerslake said. “There’s a very wide range of IoT devices. When we look at networks, there are many different kinds. All of these present challenges.”

Kerslake said the FIDO Alliance, a consortium of IoT experts looking to develop standards to simplify the onboarding process for manufacturers, is working to resolve that problem. From 45 IoT use cases, they were able to develop 19 derived requirements. Some of them include automatic onboarding, supply chain flexibility, deferred acceptances, late binding and localized authentication. From there, they developed FDO 1.0 PS in March 2021, an open-source platform. There are plans for future versions, but for now, the goal is building on their open-source code and expanding from there.

“We are thinking about what comes next,” Kerslake said. “We’re not going to make radical changes. Want people to adopt FDO 1.0. Any changes we make are incremental insofar as how you can make it more applicable to different kinds of situations.”

FDO benefits, examples

FDO 1.0 can offer many benefits for manufacturers that have industrial and enterprise devices. It’s also useful with multi-ecosystem applications and services and helps streamline distributor sales. Other benefits for manufacturers include:

  • Zero-touch onboarding: It can integrate with existing zero-touch solutions.
  • Speed and security: It is designed to onboard with IoT devices in less than a minute, which is up to 20 times faster than it would have been for a manual installer.
  • Hardware flexibility: It is designed to be hardware-agnostic and work with any microcontroller or computer processor.
  • Cloud flexibility: As with hardware, it is flexible and can work with the internet and on-premise.
  • Late binding: This reduces costs and complexity in the supply chain by providing a single SKU for all customers.

Late binding, in particular, is a key aspect of the process, Kerslake said. “Late binding reduces costs and complexity in supply chain, providing a single device SKU for all customers instead of making unique SKUs and creating a mess of things.”

All of this comes together in a six-step process that allows a single SKU to target multiple clouds.

  1. Enable and ship FDO-enabled devices.
  2. Register ownership to the target platform and send it to the supply chain.
  3. Register the devices to a rendezvous service, which is linked to a target cloud and the IoT device.
  4. Allow the IoT device to use FDO to find owner location.
  5. Authenticate devices with late binding provisioning.
  6. Send the protected sensor data to the IoT platform.

All of this is designed to be done repeatedly, streamlining the manufacturing supply chain in a secure way that reduces downtime and improves productivity. It’s one piece of a much larger puzzle, but the ability to work with just about any platform and IoT device can help create a streamlined system.

Chris Vavra, web content manager, CFE Media and Technology,

Author Bio: Chris Vavra is senior editor for WTWH Media LLC.