JOIN US FOR OUR FALL VIRTUAL TRAINING WEEK EVENT OCTOBER 18 - 22 - REGISTRATION IS OPEN! Save Your Spot
IIoT, Industrie 4.0

Secure device onboarding for manufacturing supply chain

Until now, there has been no broadly supported industry standard for automated secure device onboarding. The FIDO Alliance looks to change that.

By Chris Vavra August 25, 2021
Courtesy: Fortinet/Intel

The manufacturing sector is becoming more interconnected as the Internet of Things (IoT) allows data to be transferred from many devices. IoT device security is critical, and configuring credentials, a process called onboarding, is a slow and tedious process. Until now, there has been no broadly supported industry standard for automated secure device onboarding.

Richard Kerslake, general manager for Intel Corporation, said that is changing in his presentation “FIDO Device Onboard – a new industry standard that addresses the insecurity and cost of installing IoT devices” at the Fortinet OT Symposium, which was presented digitally on Aug. 24.

Kerslake said the onboarding challenge, until recently, was a manual process that required skilled staff members who knew how to manage the various IoT devices. With different types of hardware, operating systems (OS) and even headless displays, it was a real chore putting everything together. On top of all that, everything needed to be cybersecure. Even a proprietary zero touch solution, which is linked to one cloud platform, was limiting because it required precise knowledge of the target platform.

Internet of Things (IoT) device security is critical, and configuring credentials, a process called onboarding, is a slow and tedious process. Courtesy: Fortinet/Intel

Internet of Things (IoT) device security is critical, and configuring credentials, a process called onboarding, is a slow and tedious process. Courtesy: Fortinet/Intel

“There’s a long-term risk profile if not done properly,” Kerslake said. “There’s a very wide range of IoT devices. When we look at networks, there are many different kinds. All of these present challenges.”

Kerslake said the FIDO Alliance, a consortium of IoT experts looking to develop standards to simplify the onboarding process for manufacturers, is working to resolve that problem. From 45 IoT use cases, they were able to develop 19 derived requirements. Some of them include automatic onboarding, supply chain flexibility, deferred acceptances, late binding and localized authentication. From there, they developed FDO 1.0 PS in March 2021, an open-source platform. There are plans for future versions, but for now, the goal is building on their open-source code and expanding from there.

“We are thinking about what comes next,” Kerslake said. “We’re not going to make radical changes. Want people to adopt FDO 1.0. Any changes we make are incremental insofar as how you can make it more applicable to different kinds of situations.”

FDO benefits, examples

FDO 1.0 can offer many benefits for manufacturers that have industrial and enterprise devices. It’s also useful with multi-ecosystem applications and services and helps streamline distributor sales. Other benefits for manufacturers include:

  • Zero-touch onboarding: It can integrate with existing zero-touch solutions.
  • Speed and security: It is designed to onboard with IoT devices in less than a minute, which is up to 20 times faster than it would have been for a manual installer.
  • Hardware flexibility: It is designed to be hardware-agnostic and work with any microcontroller or computer processor.
  • Cloud flexibility: As with hardware, it is flexible and can work with the internet and on-premise.
  • Late binding: This reduces costs and complexity in the supply chain by providing a single SKU for all customers.

Late binding, in particular, is a key aspect of the process, Kerslake said. “Late binding reduces costs and complexity in supply chain, providing a single device SKU for all customers instead of making unique SKUs and creating a mess of things.”

Automated secure device onboarding is shown as a six-step process using the IoT as part of the delivery system for the supply chain. Courtesy: Fortinet/Intel

Automated secure device onboarding is shown as a six-step process using the IoT as part of the delivery system for the supply chain. Courtesy: Fortinet/Intel

All of this comes together in a six-step process that allows a single SKU to target multiple clouds.

  1. Enable and ship FDO-enabled devices.
  2. Register ownership to the target platform and send it to the supply chain.
  3. Register the devices to a rendezvous service, which is linked to a target cloud and the IoT device.
  4. Allow the IoT device to use FDO to find owner location.
  5. Authenticate devices with late binding provisioning.
  6. Send the protected sensor data to the IoT platform.

All of this is designed to be done repeatedly, streamlining the manufacturing supply chain in a secure way that reduces downtime and improves productivity. It’s one piece of a much larger puzzle, but the ability to work with just about any platform and IoT device can help create a streamlined system.

Chris Vavra, web content manager, CFE Media and Technology, cvavra@cfemedia.com.


Chris Vavra
Author Bio: Chris Vavra is the web content manager for CFE Media.