IoT Security Foundations: Certificate Authentication in the Internet of Things

In this article, part three of the IoT Security Foundations series, we examine issues related to certificate authentication and the complexities around its use in the Internet of Things.

Many security issues that plague the Internet of Things are directly caused by insecure password authentication. We have reviewed these issues and possible solutions in the previous article. Certificate authentication provides a stronger alternative, as unlike passwords, it does not rely on a short token memorized by a human operator; instead, it uses public key cryptography, with larger storage and processing requirements, more advanced protocols, and better security guarantees as a result. Certificate-based authentication is common in the Internet of Things: outside of regular client-server communication, it is used in such areas as firmware updates and local access. This article should be useful to IoT manufacturers and service providers looking for the right way to design their certificate management.

Continue reading “IoT Security Foundations: Certificate Authentication in the Internet of Things”

Installing Dropbear with Enhanced Security Options

This guest article is a detailed guide to the Dropbear SSH service, intended for technical readers. It is meant to be one of the first in the VDOO Library, a collection of in-depth technical articles and guides which would provide practical advice to device makers, administrators and users.

Our guest writer, Donald A. Tevault, is a Linux security expert, instructor and consultant, and the author of the book “Mastering Linux Security and Hardening”.

Continue reading “Installing Dropbear with Enhanced Security Options”

IoT Security Foundations: Authentication on the Internet of Things

This article is part two of the IoT Security Foundations series. In this post we will introduce authentication, its pitfalls, and what makes it interesting in the Internet of Things. This article focuses on password authentication mechanisms, the most common ways they get broken, and the right measures that IoT makers can take to achieve a high level of security. There are other advanced authentication methods, that can be more secure or more efficient than password authentication under specific scenarios, but we will leave the details of those for a later article in this series.

Continue reading “IoT Security Foundations: Authentication on the Internet of Things”